Fight the neck pain: forget that futile search for images. 

PhotoDisc images are cleverly grouped for much easier reference, 
To experience this first hand get the PhotoDisc Starter Kit and feast 

Quota Server: Windows NT Disk Quota Management 

When you move NT into production, you’ll see that NT lacks the essential ability to set disk quotas. Users would 
simply take up as much disk space as they like, and there was nothing you could do about it until now. 
Quota Server from Argent® solves this problem. 

* Quota Server Manages the Explosive Growth of Disk Space on Your Network 

With the ever increasing connection to networks, users can now fill up a disk faster than ever. Without 
Quota Server you face a constant, ongoing and expensive battle. With Quota Server, the environment is 
managed for you - automatically. Set the quotas once, and Quota Server does the rest. A one-time 
investment in Quota Server removes your main NT problem once and for all. 

* Buying More, More, and yet More Disks—the Gasoline-on-the-Fire Approach 

This approach makes some sense - a gigabyte is now under $300. But the weakness of this approach is that 
it just makes the problem worse - users are not discouraged from keeping old, useless files on-line. The 
real solution is Quota Server. 

Customize Reports, Monitor Multiple Servers Concurrently, Handle Huge Quotas 

Quota Server generates customizable reports. In an instant you will know who takes up what space, how 
much space is still available, etc. Quota Server can also monitor a large number of servers from the same 
window. With Quota Server, you can enforce quotas up to 2 terabytes in size. 

Quota Server is Flexible and Easy to Use — All Sites Need Quota Server 

Quota Server allows you to set multiple levels of alerts, warnings, actions and pop-ups, as well as integrates 
with all common E-mail systems. Notifications can be sent to several persons at the same time. Quota 
Server is fully integrated into the NT File Manager and the new Explorer Shell in Windows NT 4.0, so that it 
is extremely easy to use. Quota Server is lab-tested, market-proven software. 


ARGENT SOFTWARE 001 - 860 - 489-5553 

Mainframe-Power Products for Windows NT www.argent-nt.com 

PERFORMANCE MONITORING & ALERTING • JOB SCHEDULING 

Why legislation should be set up for ISPs 


Richards 


Do we need Federal legislation for ISPs like Microsoft’s 
NineMSN? Last month, corporate customers of 
Microsoft’s MSN service came back from their 
Christmas breaks to discover that they had no email 
service, myself included. The problem that went on 
intermittently for five days was caused because once 
again Microsoft’s Internet email server at the company’s 
Redmond headquarters in the USA was down. The official 
line was that an Internet password verification server 
had failed and was rejecting verification access. 
Compounding this was the failure of a new Telstra router 
introduced to allow MSN customers to gain better 
access using 56K modems. 

Last year, Microsoft servers in the US which control 
global email services were down for five days, resulting 
in millions of email messages banking up. At the time 
Microsoft defended itself by telling the world it was an 
isolated problem that would not happen again. Well it 
has. Users facing the problem this time then had to run 
the gauntlet of MSN’s inept service support operation. 
Instead of honestly telling users that the company’s 
servers were down, Microsoft blamed Telstra and various 
modem manufacturers before confronting the problem. 

On top of this, MSN also faced problems associated 
with the issuing of literally thousands of MSN 2.5 
upgrade CDs which, when loaded onto a system, 
corrupted the network settings and tried to reset email 
settings in Outlook and Exchange with no luck. 

This brings me to the question of whether Federal 
Government intervention should come into play with 
regard to ISPs. Let’s face it, email today is a vital ingredient 
of many business operations and if the national 
telephone service was down for four or five days, there 
would be a hue and cry. And with Microsoft, we are not 
dealing with a small company, we are dealing with a 
multi-billion dollar global conglomerate who should 
have in place switch over service or stand-by service 
that mirrors the existing email service, thus allowing it 
to be switched over should a fault arise. What I would 
like to see is the Federal Government Communications 
Minister, Richard Alston, introduce a sub-committee to 
investigate whether we need legislation to force ISPs to 
put into place a back-up service for email. This would 
be tantamount to ISPs being forced to invest in not only 
a backup service but security and peace of mind for 
their customers whose businesses depend on an efficient 
email service. 

Of late, NineMSN’s focus has been more on creative 
content as opposed to a reliable business service. 
Recently the company has been pouring millions into 
the Web, but it finds that no matter how much money it 
spends, it can’t seem to make it pay off - at least, not yet. 
When MSN launched in October 1996, the mantra was 
that the Web was becoming an entertainment medium 
like television and MSN was focused on bandwidth-intensive 
shows available exclusively to its members. 
Many questioned whether Netizens would have the 
patience to sit in front of their computers and wait while 
entertaining graphics loaded. 

But purely entertainment efforts have largely failed 
on the Web due to the bandwidth constraints. As it 
turned out, officials were not willing to wait for traffic to 
increase, especially when it appeared their gamble lost. 

Instead, the company changed its strategy. It started 
pulling back on the entertainment effort and refocussed 
on beefing up its so-called free space and its sites directly 
related to commerce, such as car-buying service 
CarPoint and travel site Expedia. Next month it will kill 
off its online travel magazine Mungo Park, which 
features obviously expensive expeditions all over the 
world to promote its travel service. 

Earlier last month, Microsoft announced it was 
buying the free email provider Hotmail, showing yet 
again that Microsoft is putting its fortune into the open 
Web, not hiding it behind the firewalls of MSN, which 
stopped releasing membership numbers and by most 
accounts is having trouble garnering new subscribers. 

The bottom line is that for corporate clients, the 
MSN service is fragmenting. On one hand it wants to 
provide a corporate service while sucking up to domestic 
users with a host of services that are not being used. 
Its service has become farcical and events of the past few 
months should not have happened. Upgrade CDs like the 
recent one that corrupted network settings should have 
been tested prior to being syndicated. But above all, if 
Microsoft wants to play in the domestic ISP market it 
should invest in a local data centre which incorporates 
backup and a more efficient service for its customers. 

Why install fax client software when you already have 
Microsoft® Exchange or Outlook? 

With Faxination® for Microsoft Exchange, your 
Exchange client is the fax client. 

No additional client software to install, no additional 
user training, no support backlog. See the positive 
effect on your Total Cost of Ownership! 


INTEGRATION 

You just deployed 1000 Exchange users and now you have 
to enter them in a fax server directory as well? Get real! 
With Faxination, the Exchange directory is the fax 
directory. So instead of juggling with two directories you 
can handle everything from within Microsoft Exchange, 
using the familiar Exchange Admin tool. 

INTEGRATION 



In the real world, corporate needs extend beyond Fax and Exchange. With Faxination it is easy 
to add modules for SAP R/3, SMTP, Paging, Mobile and even Telex connectivity, giving you one 
integrated solution for all your communication requirements. 



Because today's messaging is global, Faxination for Microsoft 
Exchange is available in 9 languages and is supported by a 
qualified partner network covering 54 countries worldwide. To 
find out more about Faxination for Microsoft Exchange and 
how we can tackle your real world issues today, call one of our 
Australian partners or visit our web site at www.fenestrae.com. 



Fenestrae 


Mulder Communications 
Phone : 02 9418 8123 
Fax: 02 9427 2279 
annetteo@mulcoms.com.au 


www.fenestrae.com 

Predictions of ( 


rian 


Kaufman 


It’s become a cliche in IT journalism to predict the 
industry’s future at the beginning or end of each year. 
Gathering up their facts from research consultants such as 
the Gartner Group, or information fed to them by companies 
and other industry insiders, IT journalists have 
been valiantly making predictions for the last decade and 
a half. Some have been right, many 
have been wrong. So, in my hazardous 
attempt to stick my neck out and 
blend with the crowd, here are my 
predictions for 1998: 

1) The death of multimedia, or more 
specifically, the term ‘multimedia’. 

Of all the ludicrous acronyms and 
terms the IT industry has thrown at 
us, multimedia has always been my 
pet hate. After all, what does the term 
mean? Words that go with pictures 
that go with sound. I’m sorry, but 
haven’t computer games been offering 
the same mix of technologies 
since the late 1970s? 

There is nothing new in multimedia, nor is there anything 
innovative. Australia’s future lies not in multimedia 
but in services - of which many will hopefully use several 
media formats in the same way that many software 
packages have been doing for the last decade. 

People are already waking up to this, with Telstra 
announcing late last year the death of its Multimedia subsidiary. 
Not surprisingly, one of the reasons was because 
the term multimedia can stand for anything and, as such, 
its multimedia subsidiary handled too many things in too 
many different areas. Having said that, ‘multimedia’ will 
obviously make its presence felt in most applications, 
from directory services to databases and word processors. 

2) Thin clients and the future of the NC. 

You can say what you want about Oracle’s Larry Ellison 
and many people have, but you have to give him credit 
when it comes to stirring things up. Part of me still 
believes that his concept of the NC was simply a shot in 
the dark aimed to subvert the Microsoft world, with little 
practical basis behind it. Yet two years later it at least 
did one thing - recreate the notion of thin clients. 

As I’ve mentioned in a previous column, the NC has 
many problems. It requires a completely new infrastructure, 
it’s not much cheaper than existing solutions, it’s 
restrictive and, last but not least, incompatible with other 
solutions. For example, an NC client 
from one vendor may not work with 
an NC server from another. Yet now 
it looks like a similar technology may 
work and ironically that technology 
will come from Microsoft. As dedicated 
readers of Windows NT 
Magazine know, that technology is 
called Hydra. 

Imagine if your company has 50 
employees and most of their PCs are 
486s. Now imagine if you want to set 
up an NT network but don’t want to 
throw out your old PCs. With NT 
5.0 due to incorporate Citrix’s multi-user 
NT technology (formerly code-named 
Hydra and now called 
Windows Based Terminal Server), you don’t have to. All 
of a sudden, thin clients are starting to make sense. But 
sorry, Larry, your concept of the NC still doesn’t. 

3) Remote Access. 

A funny thing happened when Microsoft scrambled to 
make thin client technology work, and that was to make 
Zero Administration a possibility. As outlined in the feature 
Zero Administration for Windows (ZAW) on page 
56, ZAW makes thin clients viable as data can not only 
be stored on the server, but also managed, cached and 
installed from it as well. Needless to say that one of the 
biggest advantages of this would be to make remote 
access a lot easier. 

It’s been predicted that by the end of the decade a third 
of all PCs will be notebooks and many companies are 
beginning to follow this trend. Buying fleet notebooks is 
becoming almost as common as fleet cars and the logic 
behind paying big bucks for office space when all they 
need is to supply notebooks is starting to look dubious. 

Pentium*! 


They’re faster, more powerful, 50% cheaper and legal. 
They’re the HP Kayak PC Workstations, the first PCs 
to outperform 3-D design workstations and officially 
the number 1 PC workstations in the world*. In fact the 


only thing standard about the HP Kayak series is the 
Hewlett-Packard 3 year on site warranty. So test your 
nearest HP reseller’s sample on 13 13 47. The HP Kayak 
PC Workstations; don’t get caught with anything less 


Be sure it’s powerful. 


Scalability 


Smith 


Lately, reader email has kept me thinking about scalability 
of both Windows NT 5.0 and hardware. I recently 
received an email from a reader asking about available 
software for a MIPS-based Windows NT Server. 
Apparently, this reader had seen a review of the NEC 
RISCServer 2200 dated from 1995 and wondered 
whether it was worth the current asking price of $US250 
(the original price was $US11,500). Before I could 
respond, the reader wrote back saying that his supervisor 
had decided not to buy the system. 

At the same time, Digital Equipment announced it was 
selling the manufacturing rights for its Alpha and 
StrongARM chips to Intel. I started imagining future 
readers asking me whether a $US250 dual-Alpha server 
was a good deal. 

Before I let my mind wander too far, I did a little analysis 
and concluded that the Digital and Intel deal is OK for 
Alpha users. First, Intel joins Mitsubishi and Samsung as a 
Digital outsourcing partner for manufacturing the Alpha 
and StrongARM chips. This partnership lets Digital focus 
on design, while its partners focus on manufacturing. As a 
result, Digital can reduce its development costs and can 
start pricing its Alpha-based servers more like its Intel-based 
servers for NT. 

Also, Digital, Intel, and Microsoft have agreed to work 
together on the source code compatibility of NT 64-bit 
APIs across both Intel’s IA-64 (code-named Merced) and 
Digital’s Alpha. This cooperation means software developers 
will be able to write code once and compile it to run 
on either Alpha or IA-64. 

In my past editorials, I’ve mentioned 64-bit NT 5.0. 
Technically, that term is not correct. NT 5.0 is still a 32-bit 
operating system only. However, NT 5.0 will incorporate 
a 64-bit Very Large Memory (VLM) model capability, 
initially for Alpha only. By using Microsoft’s 64-bit APIs 
to take advantage of this VLM, enterprise-level versions of 
SQL Server, Oracle, and other applications can achieve 
increased performance when a server has more than 4GB 
of memory (even though the additional memory that is 
addressable through the 64-bit APIs is not pageable or 
swappable). NT 4.0 applications are limited to 2GB of 
private memory and NT 4.0 Enterprise Edition applications 
are limited to 3GB of memory. 

By addressing more memory, applications can keep 
more data in the computer’s memory simultaneously, 
reducing the need for swapping data to and from a disk. 
Digital claims that Oracle running on VLM can run 50 
times as fast as a similarly configured system without VLM. 

Getting back to my previous editorials that deal with 
64-bit NT 5.0: my point was that the Alpha-based systems 
will have a significant head start on providing a platform 
for applications to take advantage of these VLM APIs. For 
companies that are bumping up against the performance 
ceiling, the 64-bit VLM capability is welcome news. 

Scaling the Performance Wall 

Scalability, performance, server consolidation and application 
distribution have been issues as long as I’ve been 
working in MIS. For example, I remember once having to 
buy an additional IBM System/38 because the existing system 
hit a performance wall. That addition meant all kinds 
of fancy programming and application distribution as my 
MIS department tried to make the two systems work as 
one. Eventually, we were able to consolidate everything 
into a much larger AS/400, scrapping all the programming 
we did to tie the S/38s together. Now, 10 years later, 
Windows NT Magazine is reliving all of those efforts. 

In our testing labs we discovered that running a Web 
server on two dual-Pentium servers provided better performance 
than running a Web server on one 4-way system. 
On the 4-way system, SQL Server and Internet 
Information Server (IIS) were competing with each other 
for resources. IIS bandwidth maxed out on the 4-way long 
before the CPU reached its performance ceiling. So now 
we run SQL Server on one system, IIS on another system, 
and Cold Fusion-based forums on yet another server. 
Even though the magazine has a 4-way system, we choose 
to use multiple servers. 

How should you feel about the introduction of 8-way 
NT-based systems? Before you buy one, do yourself a 
favour and test it thoroughly. To help, we’ve scheduled several 
tests of 8-way NT systems, running packages such as 
SQL Server Enterprise Edition, Oracle Enterprise Edition, 
and SQL 7.0. Finally, the lab will test the difference 
between running multiple BackOffice products on an 8-way 
system versus running them on separate NT servers. 

Intel attacks Alpha platform with 
333MHz Pentium II 

Intel has announced the 333MHz Pentium II 
chip, which it claims is faster than a 500MHz 
Alpha processor. The chip, previously code-named 
Deschutes, is primarily aimed at the 
desktop and high-end graphics workstation 
markets. "It's the first of a second generation of 
the Pentium II," said Keith Holtham, architecture 
manager at Intel Australia. According to 
Holtham, its speed should rise above 400MHz 
before the end of the year. 

The Pentium II 333MHz uses the .25 micron 
process and offers MMX, a 32KB L1 cache and 
a 512KB L2 cache. It uses the same 440LX motherboard 
that is currently available for the 
233MHz and 266MHz versions. 

While the 333MHz Pentium II uses the Slot 1 
architecture, a server version of the chip that 
will use Slot II and a dual independent bus will 
be available later this year. Also slated for 
release is a mobile version of the processor, 
which is due later this quarter. 

Intel is also rumoured to release a 3D graphics 
chip, called the Intel 740, this month. Targeted 
toward the performance market, the processor 
could threaten companies such as S3. The chip 
would be used on add-on graphic cards. 

Intel can be contacted on 02 9937 5800, or by 
Web at http://www.intel.com.au 



MSN upgrade creates major problems for Microsoft 

Microsoft, through its MSN operation, is facing a major backlash after an MSN 2.5 
upgrade CD was found to corrupt network settings when loaded. The CD was 
syndicated free to thousands of MSN subscribers. The CD also prevented users 
from accessing email and caused intermittent access problems with Explorer 4.0, the 
MSN browser and other communication software that was reliant on the MSN dialer and 
communication manager software. 

The upgrade also caused Internet mail problems when it tried to establish new email 
access settings in both Outlook and Exchange with users not being able to access a 
major Microsoft Internet mail upgrade server because it was down. 

The problems associated with the upgrade CD were further compounded when 
servers at Microsoft's Seattle HQ crashed, causing access problems for more than 4 days 
in January. Other problems for Microsoft were the intermittent failure of an Internet verification 
server, which was unable to verify passwords for hundreds of thousands of 
subscribers worldwide. In Australia, MSN support staff were unable to identify problems, 
leaving users stranded. On six occasions Windows NT Magazine contacted MSN support 
and on six occasions they were unable to fix the problems associated with the upgrade. 
In the end we had to resort to reformatting the hard disk then reloading a new operating 
system and applications. Throughout the exercise support staff were less than honest, 
blaming Telstra and a number of modem manufacturers for the problem. On one 
occasion we were switched through to Microsoft support where support operators 
admitted that they were taking many calls associated with the MSN 2.5 upgrade problem. 

Compounding these problems was the introduction of a new Telstra router for MSN 
users that also failed. Introduced on Christmas Eve, the router, which was designed to 
speed up 56K modem access, has also resulted in modem manufacturers being forced to 
rewrite modem drivers solely to access the new Telstra router. 

"It was an absolute nightmare," said Blaise Hapgood, services manager at 
Netcomm/Banksia. According to Hapgood, even when MSN did post new drivers on its 
Web site they were the wrong ones. "Everything that could go wrong did go wrong," 
he said. 

When Windows NT Magazine spoke to MSN's Technical Director he suggested 
subscribers use another POP or ISP to access their email accounts at MSN. 

SUN AND INTEL STRIKE A DEAL ON "MERCED" 

Microsoft buys Hotmail 


While it's been rumoured to be in the offing for some time, Microsoft has finally 
done the deed and bought out Hotmail, the free Web based email provider. While 
the Hotmail service itself will not change, it will be integrated into the Microsoft 
Network (MSN) internationally. 

"We will definitely bring it into NineMSN," confirmed Jane McKellar, marketing 
director for NineMSN in Australia. For those left in the cold, NineMSN is the new title for 
Australia's MSN service, which ties in some of the media content from Packer's PBL 
(Publishing and Broadcasting Limited) media empire, which includes Channel Nine. 
Hotmail is the current leader of free web-based email services and has a worldwide 
user base of 9 million. This, in addition to the existing MSN user 
base, will mean that Microsoft will now be as big, if not 
bigger, than the leading ISPs in terms of a user base. 

However, Hotmail will not override existing MSN 
email accounts, but rather be another option. "We will 
still need to have both the NineMSN members-only 
email and also have the free Hotmail email," 
McKellar said, claiming that this way MSN users 
have the benefits that Outlook offers in addition to 
"the ability to access their own email when they're 
away from home." 

While the full implications of the buy out have not 
been sorted out, the possibility exists that the US-based company will now create an 
Australian site, leading to faster access times. "At this stage it's too early to tell, but ultimately 
it would be great if it would," McKellar said. When the Australian integration will 
take place has also not been decided, although McKellar declared that it will be soon. 

The purchase occurred through a swap stock transaction and is rumoured to be 
valued at $US400 million. 

With free web-based email becoming more 
prevalent, Hotmail isn't the first company to be 
bought out. Yahoo, the company that became 
famous for its Internet directory listings, 
announced late last year that it would purchase 
Four11, which is Hotmail's biggest competitor. 

Both of these companies will face added competition 
with Excite's relatively new free email 
service, while Eudora has announced that it too will 
provide a similar service. 

Size does matter, 
according to Quantum 

According to Quantum most hard disk drives get 
filled up in two years. Quoting IDC's claim that 
most users expect their PCs to last over three 
years, Quantum has decided that the answer 
lies in buying bigger drives - and has launched a 
new series of drives that range in size from 4GB 
to 12GB. 

The Bigfoot TX series arrive in 5.25 inch cases 
and feature Ultra ATA interfaces, a speed of 
4000 RPM, MR heads, PRML read channel, 128K 
buffer and support for the S.M.A.R.T (Self-Monitoring, 
Analysis and Reporting) System. 
Targeted at entry level commercial systems as 
well as mainstream PCs, they range in price 
from $487 for the 4MB model to $853 for the 
12MB model. 



Quantum's products are distributed by 
Electronic Resources, who can be contacted on 
02 9736 3688; and Tech Pacific, who can be 
contacted on 02 9381 6000. You can also see the 
Web site at http://www.quantum.com 

Passwords: 

who needs them anyway? 


Passwords are one of the biggest risks to network 
security. No matter how difficult you make 
them, in time someone can always crack them. 
But that situation is about to change. Who? 
Vision Systems, a biometric start-up firm, is 
working with Computer Associates (CA), 
Microsoft and Entrust to make Who? Vision's 
fingerprint-scanning devices work with various 
enterprise software systems. Users place a finger 
on the tiny scanner for identification, eliminating 
the need for a password in most cases. 

Unlike existing standalone fingerprint readers, 
Who? Vision's fingerprint readers will be 
embedded inside a computer monitor's case. 
The company has contracted MAG Group from 
Taiwan to install 35 million of the devices into 
computer monitors during the next four years. 
For more information, check out Who? Vision's 
site at http://www.whovision.com 


HP introduces the waif look to notebook fashion 


As any notebook user knows, the major contributor to a notebook's weight and size 
is its battery. However, Hewlett Packard has announced a new notebook that will 
be half the width of normal ones due to it spreading the Lithium Ion battery 
amongst the notebook's actual casing. 

Developed in collaboration with Mitsubishi, the notebook will only weigh 1.4kg, be 
1.8cm thick and feature a 12.1 inch TFT screen. It will also use either a 200MHz or a 
233MHz Mobile Pentium processor with MMX. While there is no name for it as yet, the 
notebook should be released in March with an approximate price of $16,000. 

Delving even further into the portable market, Hewlett Packard has also just released 
the 620LX, which is its colour palmtop computer that uses the 
CE 2.0 operating system. Featuring a mini active matrix colour 
display and CE versions of the major Microsoft applications, 
including Word, Excel and even a mail client, it gives the 
Toshiba Libretto a run for its money at $1489. Unlike HP's 
previous palmtops, the 620LX also features a Lithium Ion 
battery instead of the usual AA batteries, 16MB of 
RAM and, most importantly of all, a larger keyboard 
that makes it easier to type on. 

For more information, contact Hewlett Packard on 
131347 or by Web site at http://www.hp.com 

Corp. is integrating PATROL® management technology into the i960RP® I/O 
Processor in order to provide the direct management capabilities for I/O 
subsystems customers are asking for. 


Top industry leaders are relying 
on PATROL for a reason. 

To find out why visit us on the 
Web at: www.bmc.com/patrol 
Or call today: 1800 332 530 

Digital launch 266MHz notebooks 


Digital is jumping on the 266MHz Pentium bandwagon 
with the release of the HiNote VP745 and HiNote Ultra 
2000 GTX5266M notebooks. Both machines incorporate 
13.3 inch or 14.1 inch displays, 4GB hard drives and multimedia 
capabilities. 

The notebooks feature specialised memory configurations 
to accommodate Windows NT, enhanced power 
management, system hot-docking (which eliminates the need 
to reboot when connecting to NT networks) and Digital's 
ClientWORKS remote management software. 

The HiNote Ultra 2000's main feature is its size, being only 
35mm thin and 2.7Kg light. It has a 14.1 inch display, built in 
10/100 Ethernet capabilities, an integrated 56kbps modem and 
a 24 speed CD ROM drive. It's priced at $9,900. The HiNote 
VP745 is more of a desktop replacement, with built in CD and 
floppy drives (as compared to removable modules). It has a 
13.3 inch screen, a 20 speed CD ROM drive and supports USB, 
DVD and is Zip drive-ready. It's priced at $8,500. 

For more information, contact Digital on 02 9561 5252 or 
by Web site at http://www.digital.com 


Ghost offers multiple 
workstation cloning 


Innovative Software has announced the fourth 
version of its workstation cloning tool. Called 
Ghost, it's designed to replicate an entire workstation. 
Uses for this include disaster recovery, 
backups and simultaneous installations. 

The major new features in this version include 
TCP/IP multicasting, SCSI tape support and 
Ghost Walker. Multicasting allows Ghost to 
make multiple clones of a workstation at the 
same time, while Ghost Walker generates 
unique SIDs for cloned 
NT Workstations. Priced at 
$500 for a 25 seat license, 
additional licensing deals 
are available. It's also 
available in a retail format 
for $115. Ghost is locally 
distributed by Protocol 
Information Technology, 
who can be contacted on 1800 805 
or by Web at http://www.protocol.net.au 


Sun challenges Microsoft with its move to Merced 


Sun and Intel have announced that they will team up on Merced, potentially positioning 
them in competition with Windows NT. The agreement will allow Sun's 
Solaris operating system to run on the next-generation Intel Merced processor 
and provide for the cross licensing of technologies. According to Gil Thew, SunSoft's 
managing director, "It is a strategic move that might not please Microsoft. Only 
time will tell." 

Sun will deliver a 64-bit version of Solaris software designed for Intel's future 
Merced processor, slated for release in 1999. Further to the agreement will be Intel's 
support for the porting of Solaris to the Merced environment. Sun has also 
announced the creation of a porting and tuning centre, to assist independent software 
vendors optimise applications for Solaris on Intel. The program will include technical 
support from Intel plus an expansion of IA-32 and IA-64 server platform initiatives. 

Sun representatives see the deal as "more of a top end thing" but acknowledge 
that Microsoft has plans to move into the enterprise area. According to analysts Sun 
appears to be preparing a second option for the future which is backed up by Sun's 
continued commitment to its Sparc processors. "They are staying on both sides of the 
street," said Thew. 

Microsoft's Windows marketing manager, Peter Moore, responded, "we have 
never perceived an ability to move into the enterprise market as being derived 
through our association with Intel." 

Rolf Jester, principal analyst for Dataquest, believes that for Sun to 
significantly impact on Microsoft's market share would be a big 
challenge, although not impossible. He supports the idea that 
the independent software vendors are the key to Solaris' move 
against Windows NT. 

"The biggest problem would be in winning over the software vendors," he said. "If they 
can win them over they stand a chance." Jester also notes that the 
reasons for vendor support are not immediately apparent. "There is 
no strong reason for ISV's to support Solaris on Intel." 

Sun and Intel have also signed a patent cross-license agreement, 
which will allow royalty-free access to microprocessor, systems and 
software technologies. Industry experts predict that in many ways, it 
could redress some of the balance of power in the computing world. 

Gil Thew described it as an interesting partnership and said that he
couldn't recall an agreement of this type in recent IT history. "The fact
that Intel and Sun are exchanging technology without risk of patent 
infringements is hopefully the way the world is going to be," he said. 

If Microsoft is feeling any heat it isn't letting on. "It's not going to 
give them any greater ability to compete with NT," said Moore. 







BackOffice 4.0 hits the streets 


Microsoft has unveiled its BackOffice Server 
4.0 suite, which should be available by the time 
you read this. The suite includes Windows NT 
Server 4.0; Internet Information Server (IIS) 4.0, 
Microsoft Transaction Server and Microsoft 
Message Queue Server; FrontPage 98; 
Exchange Server 5.5; Proxy Server 2.0; SNA 
Server 4.0; SQL Server 6.5; Site Server 2.0 (and 
a free upgrade to Site Server 3.0 when it 
becomes available); Systems Management 
Server 1.2; and Seagate Crystal Info 5.0. 

New features include an integrated product
setup capability, browser-based BackOffice
administration and an intranet starter site
function. Microsoft's Distributed interNet
Applications (DNA) architecture is also built in.
The full product server costs $3689, while client 
licenses start from $1929 for five clients. For 
more information, contact Microsoft on 02 9870 
2200, or by Web at http://www.microsoft.com/ 


Unisys to launch mammoth 32X server 


In a quest to get ahead in the enterprise computing space, Unisys will release an NT
superserver that will run 32 Intel Pentium II processors. Dubbed a 'mainframe for
Windows NT', it looks likely to be released later this year. Needless to say,
Merced chips will also be used when they become available.

The new server is based on Unisys's ServerPlus cellular multiprocessing (CMP)
technology. With CMP technology, you can use the server as one processor complex or as
four separate 8-way processor complexes. For example, in the latter scenario two
complexes can run NT and the other two can run UNIX.

The Unisys plan is to use its UNIX, mainframe, and service
expertise to create a more powerful NT server that vendors
can offer as a high-end hardware solution.

In the meantime Unisys has released its 10X Windows NT
server, which should be available now.


Intel Corp. is integrating PATROL® management technology
into the i960RP® I/O Processor in order to provide
the direct management capabilities for I/O subsystems
customers are asking for.


Top industry leaders are relying 
on PATROL for a reason. 

To find out why visit us on the 
Web at: www.bmc.com/patrol 
Or call today: 1800 332 530 
According to David Ireland, general
manager of Unisys Australia, this is a step 
towards making Windows NT a credible enterprise player, 
with Unisys predicting that it can deliver 99.9% availability 
servers by 1999. 

Called the Aquanta XR/6, the server is capable of 
supporting up to 10 Pentium Pro processors, each with a 512K 
L2 cache. "It's the first 10X Intel Pentium Pro NT Server to 
market," proclaimed Ireland. 

The server's configuration contains five CPU boards with 
two processors and a 4MB L3 cache on each one; up to 8GB 
ECC memory; a sustained speed of 533MB/sec and a disk 
speed of 10,000 RPM. 

For more information, contact Unisys on 02 9931 6666, or 
by Web at http://www.unisys.com 




















Microsoft Exchange Server outconfigures, outadministers, outscales,
outmatures, outmails and generally outinternets
all other messaging and collaboration systems.

(Outrageous? Not according to the experts.) 



In comparative reviews by Network World and
Network Computing, Microsoft® Exchange Server
prevailed over Lotus cc:Mail, Lotus Notes/Domino,
and Novell GroupWise as the Internet messaging
champ. Microsoft Exchange Server garnered an
overall score of 8.7 on a scale of 1 to 10 in Network
World’s review. And Network Computing dubbed
Microsoft Exchange Server its “Editor’s Choice.”
Further proof that Microsoft Exchange Server is
the best messaging and collaboration system
available today—the recent Burke Marketing
Research study. It concluded that 70% of IT
Administrators prefer Microsoft Exchange Server
over Lotus Domino and Netscape Mail Server.


Test it yourself: Try Microsoft Exchange Server 5.0 free for 120 days.
www.microsoft.com/exchange/promo/eval/


Microsoft 

Where do you want to go today?® 







Oracle releases Java software 
with more on the way 


Oracle has begun rolling out its range of Java
applications for Network Computing-based
applications. According to the company, the
new software with 100 per cent Pure Java
architecture will be a market first for NCs. The
products showcased at Internet World represent
new Java development and deployment
software available for Windows NT.

Included in the announcement is the shipping of
Application Release 10.7 NCA. The suite, which
has been in beta since July, will Java-enable
Oracle's enterprise applications including
Financials, Human Resources, Manufacturing,
Supply Chain and Sales Force Automation software
across any Java environment.

Also available is Oracle Lite 3.0, a Java client
database for NCs, that allows the creation of
Web applications to fit on any client and integrate
with Oracle8. It contains new Java features
including access classes, object storage,
native JDBC access, stored procedures and
triggers and an object browser. The new
release will also have automatic synchronisation
with remote databases using Oracle's replication
software.

Two new Java Database connectivity drivers
and developers, one for writing server-based
Java applications and the other for writing
client-side Java applets are available for download
from Oracle's Web site.

On the horizon are Oracle's Project Valhalla and
Application Server 4.0, which recently started
beta testing. Project Valhalla will be a new integrated
development environment for Java
based applications, whilst Application Server
4.0 is a new version of its application deployment
platform which will be 100 per cent
Java programmable.

New features will include enhanced transaction
capabilities, a CORBA 2.0 compliant object
request broker, improved Windows NT integration
and server management features.

A new release of Internet Commerce Server 1.1
is available and contains new features including
an enhanced Store Manager, encrypted URLs,
double byte language support and integration
with Tandata's Internet handling software.

For further information contact Oracle on 02 
9900 1000 or by Web site at http://www.ora- 
Gazing into the crystal ball




As 1997 comes to an end, International Data Corporation (IDC), known for its
valuable industry analyses, has released a barrage of interesting predictions for
this year. One prediction is that Microsoft will announce a non-Windows
platform for the network appliance market. (Network appliances are devices such as
WebTV that simplify and reduce the cost of accessing the Web.) Further, IDC foresees
that Netscape and Oracle may merge in the coming year. Here's a quick list of ten
other IDC predictions:

1. The Web will edge toward 100 million users, and Web commerce will exceed
$20 billion.

2. The Web will finally reach mass-market proportions in the United States, with
nearly 25 percent of households online.

3. Information appliances and suppliers will invade, challenging PC unit volumes
in three to five years.

4. PC suppliers will aim for consumers with $500-$700 PCs and appliances;
the business-centric PC model will die.

5. Intel will launch a major non-Pentium chip business
targeted at network computers.

6. Microsoft will win the DOJ battle and create a new non-Windows
appliance platform.

7. The era of megabit consumer Internet access will
begin (goodbye, ISDN) as telephone companies' digital
subscriber lines challenge cable companies.

8. Internet Service Providers' (ISPs') power will grow; IS
customers' ISP choice will affect the outcome of key market
battles (e.g., UNIX vs. Windows NT, Netscape vs. Microsoft).

9. Key Internet technologies for 1998 will include digital
certificates, thin software, Web sound, and language translation.

10. The scramble for unclaimed customer mindshare will drive
megamergers in 1998.



Compaq invades modem companies' turf

Following its acquisition of Microcom last year, Compaq will release its range of
Microcom-branded remote access modems early this year.

Microcom, a US company, currently has a local licensing agreement with
Banksia and its products have been distributed locally under the Banksia name.
However, according to Ian Harvey, Compaq's communications products manager,
Banksia only distributed Microcom's high-end products, such as modem
racks and Web servers, and that distribution should end by the time you read this. The
Compaq Microcom products will retain the high-end products as well as low-end
devices such as PC cards and desktop modems.

Until the 56K modem standards are finalised, the Compaq Microcom modems will 
use the 56K Flex standard and are upgradable to the new standard. 

Compaq can be contacted on 1300 368369 or by Web at
http://www.compaq.com.au









Woolworths buys NT solution for nation-wide use

By the year 2000, every purchase you make at Woolworths will be processed by a
Windows NT system. In what will be the largest Australian retail technology
agreement in the last five years, NCR has signed an agreement with Woolworths
to provide them with NT-based Point of Sale (POS) units.

"This implementation represents the development, production and implementation of
an end-to-end retail solution that has no precedent of its type in the world," said David Mill,
general manager of Woolworths' Management Information Services (MIS) department.

As many Woolworths stores are now open 24 hours, the new NT system is designed to be
mission critical. Mill believes that Windows NT is more than stable enough to do this, stating
that a pilot system had been operating successfully in the Sydney suburb of Fairfield for the
past six weeks. 530 Woolworths stores will be fitted with the new systems, commencing early
this year in South Australia.

The rollout of the systems will replace the previous, proprietary systems with NCR's
7453 PC-based POS terminals, which include the DynaKey interface and 380 WorldMark
4300 Servers. "It was quite inflexible," said Mill of the previous system. "We wanted to
go to a more open architecture". The new system will be fully Year 2000 compliant and
will integrate with data warehousing as well as other technologies such as EFTPOS, self
scanning and produce recognition touch-point technology.

On the software application side, an Israeli-based company has been hauled in. Az
Ben Pty Ltd is the developer of the APOS 2000 Retail software package, which NCR will
now support and market on a worldwide basis.



Faxination goes Alpha

After almost three years Fenestrae has finally
come to market with a Digital AlphaServer
version of its fax and messaging server,
Faxination for Microsoft Exchange. The current
version is Windows NT based and allows
users to send and receive fax, telex and
mobile messages to mobile phones and
pagers (SMS or TAP) the same way as standard
email from within their desktop environment
using Exchange. The software for the
message server is developed as a modular
system thereby allowing for the connection of
additional devices and host connectors.

Both the Intel and Alpha versions are available
on the one CD. Pricing for Faxination's
Microsoft Exchange starts at $1600 for the
Standard edition and $3240 for the
Corporate edition.

For further information contact Information
Gateways on 02 9975 6779 or by Web site at
http://www.fenestrae.com
Banksia launches remote access solution


Banksia has released an eight user remote
access package that provides data, fax, voicemail
and email facilities. Integrating eight
33.6Kbps modems on a single ISA expansion
board, iNTRA 8 is targeted at small businesses
and branch offices. It’s priced at $2500.
According to Banksia, iNTRA 8 is more than a
collection of modems plugged together. A communications
accelerator called the EXAR 16654
is provided, thus giving each modem port hardware
flow control and large FIFO buffers. The
overall effect of this is increased modem
throughput.

Aimed largely at the NT market due to NT's RAS 
capabilities, the card also features plug and 
play support. 

For more information, Banksia can be 
contacted on 02 9424 2000 or by Web at 
http://www.banksia.com.au 



New Java VM for Internet Explorer 


In an attempt to outmanoeuvre Microsoft on the
Java front, Sun has released a Java Virtual
Machine (JVM) for Internet Explorer.

Sun's product, called Activator, works as a
browser plug-in and facilitates downloading of
Sun's Java Virtual Machine. Activator checks
incoming Java applications to determine
whether the application requires a version of
Java that the browser doesn't have, then automatically
downloads the latest JVM from Sun's
Internet site. Sun originally designed Activator
to give older browsers Java functionality, but
Sun says you can also use Activator as a
workaround to Microsoft's JVM implementation,
which Sun believes is less than complete.
For more information, check out Sun's Web site
http://www.sun.com/products/activator


AMD and Cyrix challenge Intel in notebook arena 

Within the same week both Cyrix and AMD have announced their first notebook
processors to truly threaten Intel, who also released a new mobile processor.
AMD has begun shipping AMD-K6 processors that use the 0.25-micron based
process. While they began shipment late last quarter, IBM and Compaq consumed
initial supplies. The chips are available in speeds of 266MHz and 233MHz.

The AMD-K6's 0.25-micron process, which allows the processor to operate
faster than 0.35-micron chips but with a lower power consumption, has enabled
shipments of the first mobile version of the chip. These will be used by Compaq in its new
Presario 1621 notebook at 233MHz. Incidentally, IBM will be using the 266MHz
processor in its desktop Aptiva E46 PC.

Cyrix, meanwhile, has unveiled its MediaGX 200MHz mobile processor that features 
MMX. As with AMD's processor, Compaq will be using it in its Presario notebooks. 

On the Intel front, the new 266MHz "Tillamook" processor has been released,
providing a speed improvement over the last Tillamook chip which ran at 233MHz.
Rumoured to be the last Pentium before mobile Pentium IIs hit the market - probably
before June - the 266MHz processor will also make it into low end desktop PCs.

266MHz notebooks storm market




There has been a rush of notebooks to market following Intel's release of its new
mobile Pentium 266MHz processor with MMX technology, formerly codenamed
Tillamook. Toshiba, Gateway and Dell are some of the first companies to break
the notebook speed record, using the new processor.

Toshiba's Tecra 550CDT features the Pentium 266MHz and a 2.9Kg package, as
well as the S3 Virge MX mobile computer 64-bit 3D graphic accelerator chipset with
DuoView technology. The Lithium Ion battery life ranges from 2.5 hours at full power
to five hours in economy mode.

Gateway 2000 is offering its build to order 
customers the new technology in its current 
notebook the Solo 9100. Also included are 4MB 
of video RAM, 64MB SDRAM, 5GB hard disk 
drive and a battery life of up to four hours. 
Dell launched its new notebook model, 
the Inspiron 3000 M266XT with the 
company expecting performance 
improvements of between seven and 
10 per cent. The 3000 series 
notebook comes with 32MB 
SDRAM, a 3.2GB hard drive and a 
20X CD ROM. 

Pricing for Toshiba's Tecra 550CDT
starts at $7,408, the Dell Inspiron 3000 M266XT costs $6439
whilst the Gateway 2000 Solo 9100 is $7,999 for a standard configuration.

For further information contact Toshiba on 02 9887 6000, Dell on 1800 810 676 and 
Gateway 2000 on 1800 500 742. 
Now that APC Smart-UPS includes FREE
PowerChute plus, protecting Windows NT
uptime has never been easier

Complete protection for Windows 95 and NT Workstation is available with APC's
Back-UPS Pro line featuring PowerChute Pro management software.

Power problems attack networks relentlessly. In fact, a study by IBM has shown
that a typical computer is subject to more than 120 power disturbances per
month, ranging from data destroying surges to blackouts. To protect hardware and
data from system crashes, experts, network managers and computer users
worldwide prefer one solution above all others combined: APC Smart-UPS.
Now, all 230V Smart-UPS include FREE PowerChute plus power management software.

The most reliable protection you can buy
Smart-UPS provide complete protection against power spikes, surges, brownouts,
and blackouts, in turn maximising Windows NT Server up-time and decreasing
management costs. Smart-UPS award-winning features include:

• Cell Guard™ intelligent battery management monitors battery performance and
extends battery life.

• QuickSwap™ user-replaceable batteries can be quickly and safely swapped out
without powering down the connected equipment.

plug directly into Smart-UPS providing support for SNMP, environmental
monitoring and remote out-of-band power management.

• Smart-UPS are also available in a convenient rack-mount version. Smart-UPS RM
feature all of the reliability and protection of Smart-UPS for servers, hubs,
PBX and other rack-mount applications.

PowerChute plus provides graceful, unattended system shutdown and UPS
management for Microsoft BackOffice, Windows NT Server and all other major
operating systems.

Manage power anywhere
PowerChute plus FlexEvents™ lets you control UPSs reactions to power events.
Pre-configure PowerChute® plus to provide graceful, unattended server shutdown
during an extended power outage or alert users to out-of-bounds environmental
conditions before they result in costly downtime or data loss.

Smart-UPS and PowerChute plus provide the complete solution in one convenient
box. Windows NT Server protection and peace of mind have never been easier.

Australia-wide customer support
APC Australia provides Toll-Free technical support, so you can join over
6 million APC customers world wide, who already rely on APC’s service and
support programs.

FREE Smart-UPS Info!
Mail or fax this coupon to APC and receive your Smart-UPS product literature.

□ YES! Send my FREE Smart-UPS Info!
□ No I'm not interested at this time but please include me on your mailing list.

Toll Free Phone: 1800 652 725
Fax: +61 2 9955 2844
http://www.apcc.com
Stac provides disaster recovery
tool for multiple servers

Stac has released the Intranetwork Edition of
Replica 3, its disaster recovery package.
Designed to protect multiple servers in enterprise
environments, it's based on Stac's object
replication technology.

Featuring a centralised management console,
it also offers direct media access, 7 x 24 availability,
support for autoloaders and DLT drives,
automatic mounting and dismounting of
tapes and the ability to implement pre- and
post-commands. It also integrates Hewlett
Packard's TapeAlert technology for SNMP
tape-alert routing.

The Replica Intranetwork Edition should retail
for $2,996 for a host server, while upgrades will
cost $1495.

For more information you can contact Stac on
1800 810 919. A free 30 day timed evaluation
copy can be downloaded from Stac's Web site at
http://www.stac.com




Microsoft drives ‘Windows everywhere’ concept further

Have you ever driven along in your car and thought, "Gee, I could really use
Windows roughly about now?"

If so, then Microsoft has just announced the solution - and it's called the Auto
PC. The Auto PC is a CE based device that fits into your car's radio socket. Offering a
voice recognition system, it allows you to operate
it while driving. Auto PC functions include having
a radio and compact disc player, an Internet
phone and the ability to read email, whilst other
features such as checking vehicle diagnostics are
possible. It is rumoured to be released within the
first half of this year.

Another CE device announced is the Palm PC,
which is roughly a cross between a Palm Pilot
or Newton device and a standard CE
palmtop. Fitting in the palm of your hand, it will
allegedly recognise your handwriting and perform PDA-type functions such as a
scheduler, note pad and a contact database. It will also offer Internet connectivity,
possibly providing access to the Web.







Australia’s Leading Experts on 

NT4.0 and Windows 95 

ALC Training is looking for top-class instructors to present courses on Windows NT 
4.0 and/or Windows 95 in various cities around Australia. 

The people we are looking for must have an absolutely outstanding knowledge of
the product, and must be very good presenters. These are very attractive
positions for the right person.

Written applications only please to: 

Marilyn Banfield, 

General Manager 
ALC Training Pty Ltd 

Suite 101, 3 Smail Street, Broadway NSW 2007
Fax: (02) 9211 0705 Email: alc@alctrain.com.au 





















HELP! 

Problems with your network? 

Are you looking to install a new networked system into
your organisation or implement messaging, Intranet or
Internet facilities? The solution is Syncomp!












Microsoft promises protection 
against bonking 


Microsoft has released a fix for the denial-of-service
attack which hackers can use to crash
any Internet-connected Windows 95 or NT
machine. The attack, called 'bonk' by hackers
- although Microsoft calls it by the friendlier
term 'NewTear' - can take an Internet site
offline, causing an NT machine to show the
'blue screen of death'. 'Bonk' has been available
on the Internet since the beginning of this
year, although it is a variant of another
denial-of-service program called
"TearDrop", which was available last year.

At the time of writing the fix was only available for
Windows NT, although a Windows 95 version
may be available by the time you read this.
However, most firewalls should protect a system
from this attack anyway. The fix can be
downloaded from Microsoft's web site at
http://www.microsoft.com
Secure Computing fights hackers with new firewall

Secure Computing Corporation has announced Secure Computing Firewall for NT
3.0, a native firewall for NT that offers advanced URL filtering, authentication and
Virtual Private Network capabilities. Secure Computing also assures us that the
interface is intuitive.

The firewall employs tri-level filtering which is based on a combination of packet
filtering, circuit level and application level gateway technology. The product's underlying
architecture makes use of Protocol Capture Engine technology (ProCap), which captures
network packets for firewall analysis.

Other features include the NT Security Scanner, which scans the network for
security-related data, and the Suspicious Activity and
Performance Monitor, which uses standard
Windows NT services to provide administrators
with real-time event logging,
reporting and resource utilisation
information.

Pricing starts from $5,160 for a 50 user
license. For more information, contact
Secure Computing on 02 9844 5440, or its
distributor, Open Systems, on 06 239 7533




The Complete Quota Solution 
for Windows NT 


• User, Share & Disk Quotas 

• File and Directory Quotas 

• Five Threshold Settings 

• Policy Module 

• Management Reports 

• Domain Support 

Network Computer Software 


Call (02) 9211 2322, or fax (02) 9211 0256 
Download your FREE DEMO at www.nctcomsoft.com.au 
No one integrates networks like Syncomp

Over the past decade why have so many 
companies and Government Departments 
turned to us for help? 

We have the resources, people, knowledge 
and experience to make implementing a 
new network easy and cost effective. 

We have the proven ability to maintain and 
support new and existing networks. 

As a Network Integration specialist, we work 
closely with many of the world's leading IT 
companies including IBM, Apple, Microsoft, 

Novell, Lotus, and Cisco to provide our clients with the most up to date 
technology, service and support. 

So why don't you give us a call today and discover what we can do for you. 

Call Syncomp on 02 9798 9777 or email us on consult@syncomp.com.au 


SYNCOMP 


Syncomp (Australia) Pty. Ltd. ACN: 003 225 429 451-455 Liverpool Road Ashfield NSW 2131 Tel: 02 9798 9777 Fax: 02 9798 9799 









LapLink now available on NT 


For notebook users who need a remote access
solution, Traveling Software has released the
Windows NT version of LapLink.

LapLink is a remote control and file transfer
package specifically designed for mobile use.
Features include disk caching, colour scaling
and bitmap filtering and compression for file
transfers. NT users also receive a free copy of
LapLink for Windows 95 in the box.

New security features that appear in the NT
version include user profiling and defined
access rights. It also offers a new scheduler
which allows users to set up remote file and
folder synchronisations and have them run on a
regular basis.


For more information, contact Traveling 
Software on 03 9929 9744, or by Web site at 
http://www.travsoft.com. 



Adaptec’s host adaptor doubles UltraSCSI speed 

Adaptec's Ultra 2 SCSI controller chip is now available for its host adaptor, increasing
cable length and pushing throughput rates to 80MB/sec. With the launch of Ultra 3
next year, the company expects to double these burst rates to 160Mbps whilst
maintaining a cable length of 12 metres.

The controller chip is designed for PC server and workstation applications such as 
CAD/CAM, desktop publishing, video and Internet servers that require high bandwidth. 

Increased performance has been achieved through the doubling of the RISC processor 
and the FIFO size. SCSI chips run at different speeds and the FIFO buffer provides extra 
space so the PCI and SCSI ports can keep 
going no matter what the bandwidth is. 

Adaptec claims it is the first to
distribute single channel Ultra 2 adaptors,
and expects to launch a dual channel Ultra
2 in the second half of 1998.

The AHA-2940U2W host adaptor
includes four connectors featuring internal
and external Ultra 2 connectors and two
internal legacy SCSI connectors providing
backwards compatibility for up to 15
devices. The AIC-3860 chip allows the adaptor to isolate the Ultra 2 and legacy systems.
In a mixed peripheral environment the 3860 keeps them separate. According to the company
it is the only Ultra 2 adaptor that has this capability.

"It is only good if the architecture can take advantage of it," said Joel Warford, 
marketing manager for Adaptec's OEM Solutions Group. 

The host adaptor is available for $949 and includes Adaptec's EZ-SCSI 4.0, Software 
Manager Set and four cables. For further information contact Anabelle Bits 02 9384 8000, 
Agate Technology 02 9878 4688, Synnex 03 9540 0555 or Tech Pacific 02 9381 6000, or 
you can go to Adaptec's Web site at http://www.adaptec.com 



NovaTech Internet Security

• Security Auditing
• Network Penetration Testing
• Secure Network Design
• Firewall Configuration
• ISS Distributor
• General Security Assistance
• Security Policy Development

NovaTech is Australia’s leading Internet and Network
Security Consultation firm specialising in TCP/IP networks.
They can remotely assess your network and advise on how
to increase your security or help in
implementing a security regime that
will fulfil your requirements.

NovaTech Internet Security
PO Box 487, Ermington NSW 2115
WWW - http://www.novatech.net.au
Email - novatech@novatech.net.au
Phone: +61 2 9638 5883 Fax: +61 2 9967 4447




















Think tape backup.
Think Seagate.

SEAGATE HORNET® (Travan)
Capacities from 3.2GB to 8GB.
High-performance desktop, workstation and server backup.

SEAGATE SCORPION® (DAT)
Capacities from 2GB to 96GB.
High-performance backup system for servers and workstations.

SEAGATE SIDEWINDER® (AIT—Advanced Intelligent Tape)
Capacities of up to 50GB.
High-performance backup for mid-range servers.

Seagate TapeStor Travan and Seagate TapeStor DAT
products include software and accessories for a complete solution. www.seagate.com

For more details,
call your local distributors

Seagate
Information, the way you want it

DISTRIBUTORS: AUSTRALIA • ACA PACIFIC PTY LTD TEL: 1800-671796 FAX: 03-93881124 • AGATE TECHNOLOGY PTY LTD TEL: 02-98784688 FAX: 02-98784655 • COSMOTEC AUSTRALIA PTY LTD






Microsoft BackOffice Small Business Server

Tap into the power of BackOffice from a small
business environment

Most small office networks rely on a variety of software
products (and often operating systems) acquired from
multiple vendors. Typically, the most computer-literate
person in the office - whether CEO or secretary -
chooses, installs and manages the collage of software.
Balancing technology and staffing is a real dilemma for
many small businesses. Small companies need the services
that technology can provide to grow their business
and enhance their customer service, but hiring a full-time
MIS person to implement and manage the technology
might not make economic sense.

The solution to this dilemma may very well be
Microsoft BackOffice Small Business Server (SBS).
What is SBS? In general terms, the product lets someone
with intermediate computer skills and two days to
kill configure a robust business network environment
that supports 25 client connections and harnesses the
power of Windows NT Server, SQL Server, Exchange
Server, Proxy Server, and more - all installed and configured
through a friendly GUI. Think of SBS as
“BackOffice Lite” for small businesses. Small companies
can implement file sharing, printer sharing, modem
sharing, fax serving, email, and Internet connectivity
with one integrated, easy-to-use package.

SBS includes existing BackOffice components and
some new components Microsoft developed just for
SBS (Figure 1, page 30, lists the components). Exchange
is the key component for providing internal and external
mail service. To keep hardware requirements to a
minimum, Microsoft has tuned the SBS version of
Exchange (and SQL Server) to support no more than
25 connections. (Microsoft provides SQL Server in SBS
to support business database applications, but none of
the SBS components rely on SQL Server.)

In this first installment of the Windows NT 
Magazine Lab’s SBS track, I’ll report on SBS, Beta 2’s 
setup, configuration, management and online Help. In 
the next installment, I’ll explore SBS’s application services,
general communications services and Internet
connection services. 

The Context for SBS 

To truly appreciate SBS, you need to see how it fits into 
a typical small business environment. For example, consider
the fictitious Dr. X’s growing family practice.
Over the past 20 years, the practice’s patient base has
risen from a few hundred patients to several thousand
patients. A few years ago, Dr. X hired two interns and
several nurses just to keep up with demand. The handful
of nurses and office assistants feel more confident in
front of a typewriter than a computer, yet they admit 
they can’t keep up with the paperwork (e.g., patient 
records, insurance forms) and general administration 
(e.g., billing accounts) of running a successful office. 

Because Dr. X doesn’t have time to explore all the 
options, Dr. X hires me as a consultant to examine the 
practice’s business needs and present a reasonably priced 
solution to move the office into the 21st century. We 
discuss hardware requirements and software applications
for networking, remote access, electronic mail,
Internet access, modem and fax sharing, and backups. 
Then we discuss the office’s database structure and 
which applications the staff will use and need to be 
trained on. Ka-ching! After recovering from price tag 
shock, Dr. X politely throws me out of the office and 
tells me never to come back - without even hearing 
about maintenance and support options. 

Armed with the false assumption that the office staff
can do better on its own, Dr. X and the accountant,
office manager, and in-house computer expert go
shopping. They buy whatever they can from anyone
who offers a cheap, fast deal. Then Dr. X assembles the
rest of the staff and gives the motivational speech,
“Make it work, people!” Of course, no one wins in this
situation because learning about, configuring, and supporting
these computers often takes anywhere from
10 per cent to 50 per cent of the staff’s time, leaving less
time for primary jobs.

With SBS in the picture, my encounter with Dr. X
might turn out differently. SBS provides an integrated
software solution for common business environments;
thus, bundling SBS with some hardware, line-of-business
software, and training lets me provide an economical
solution to Dr. X’s problem. I decided to test this
theory in the Lab by establishing a small business network
environment for Dr. John’s Health Services.

A Look at the Server

SBS, Beta 2 comes with a well-written Reviewer’s
Guide and a Start Here booklet. The product also
includes Release Notes and a Hardware Compatibility
List (HCL - make sure your hardware appears on the
SBS HCL, which is substantially shorter than the standard
BackOffice HCL). For a test server, I chose an HP
NetServer E 45, configured with a 266MHz Pentium
II, 128MB of RAM, and three 4GB SCSI hard disks.
(For more details about the test server, see “HP
NetServer E 45,” page 36.) I reformatted the hard disks
in NTFS before installation.

Microsoft provides the SBS software on three CD- 
ROMs, two for Intel processors and one for Alpha. The 
product also includes three SBS installation floppies, and 
four floppies containing client licenses. (Microsoft supplies
licenses in increments of five.) The SBS software
limits use to 25 client computer systems (the number of 
computers connected to the server, not the number of 
users). Multiple users can share computer resources as 
needed - Microsoft expects no more than 100 users. 

Initial installation was a little bumpy and I had to 
keep reminding myself that I was trying a beta version 
of SBS. To start with, the setup boot floppies didn’t let 
me proceed past Disk 3, and the software presented an 
error message stating that SBS could not locate enough 
space on drive C during setup. I installed a clean version
of NT 4.0 using the standard setup boot floppies
and experienced no problems. Using the SBS CD-ROM,
I attempted to install SBS over the standard version
of NT 4.0, but the process hung, forcing me to
cancel the installation. 

I then reformatted all hard disks as FAT and used the 
SBS setup boot floppies. This time, I was able to complete
the installation. During the installation process,
the Small Business Server Setup Wizard asks for four
items: name, organisation, computer name and domain
name. After you enter that information, the installation
process copies the files from the CD-ROM to your
hard disk and asks to reboot the machine. After restarting
the machine, the Small Business Server Setup
Wizard asks for general company information and 
defaults to a complete install, which requires very little 
input from you. 

After the system restarts, the To Do List, shown in
Screen 1, appears. The To Do List presents a friendly
and easy-to-understand interface for SBS configuration
and maintenance operations. From the To Do List,
I immediately selected Add a New User so that I could
start adding users to Dr. John’s Health Services’ network.
I was impressed with the Add a New User
Wizard that stepped me through creating a user 
account and setting up access rights. The interface is 
simple, and I liked that I could individually assign 
access to shared folders, shared modems, and the 
Internet, instead of assigning membership in global 
groups for permissions and rights. The Add a New 
User Wizard also automatically creates a mailbox for 
the user. 

After creating a user account, you can start the Set 
Up a Computer Wizard. I think a better name for this 
wizard is Preparing Client Computers Wizard because 
the wizard creates a user setup disk to configure a 
user’s account and connection on a client computer. 
For example, the setup disk configures Outlook 97 
with the user’s email account, places shortcuts on the 
desktop for the user’s personal folder and company 
shared folders, and installs SBS client applications. You
can also use this wizard to add another user to a computer
already set up for SBS. Several users can use the
same client computer, though not at the same time. 


A Look at Client Computers 

Using the Set Up a Computer Wizard, I created 
accounts and setup floppies for the fictitious family 
practice. I then installed those floppies on my client systems.
The first client I installed was for Dr. John. The
client-side configuration process involved simply inserting
the floppy into a client machine and running
setup.exe. The setup.exe program starts the Client 
Wizard, a hands-off, automated installation process. You 
must restart the system after joining the domain and 
again after downloading the SBS client applications. In 
my case, the whole process took about 20 minutes. 

Client computers can run either NT Workstation 4.0 
or Windows 95. Microsoft recommends an Intel 486DX 
or higher processor, with 16MB of RAM and 60MB of 
available hard disk space. The client system needs a 3.5"
floppy drive to install SBS from the setup floppy. The
network adapter card must be from the HCL, and NT
4.0 workstations must have Service Pack 3 installed. The
server automatically starts the Dynamic Host
Configuration Protocol (DHCP) service for the network.
On the client computers, you must configure
TCP/IP to accept DHCP; otherwise, the User Setup 
Wizard won’t work on the clients. 

After the final restart, the user account is active and 
the client-side user must enter a name and password and 
select the proper domain. The client desktop displays 
shortcuts to shared folders and Outlook 97. On my test 
client, I knew the shared folders were empty, so I activated
Outlook 97 to see whether SBS configured it
properly. Roughly 10 minutes passed before the default
window came up and gave me the “Thank you for
choosing Outlook” message. (I hope Microsoft improves
performance in the final shipping version of SBS!) Once
Outlook 97 was running, I verified that the configuration
was correct and that the global address book had all
the user accounts listed. 

I then proceeded to create setup floppies for the rest
of the fictitious office. Creating the floppies was easy
and fast; however, the 20-minute installation time for
each client machine got a little annoying. In real life,
the end users do the setup, and client-side installation
doesn’t consume much administrator time. I noticed
that when I configured more than three client
machines at the same time, the installation process and
network traffic slowed considerably.


■ Figure 1: BackOffice Small Business Server Components

Microsoft Windows NT Server 4.0, with Service Pack 3
Microsoft Internet Information Server 3.0
Microsoft SQL Server 6.5 (tuned for 25 connections)
Microsoft Exchange Server 5.0 (tuned for 25 connections)
Microsoft Outlook 97
Microsoft FAX Server (new)
Microsoft Modem Sharing Server (new)
Microsoft Proxy Server 1.0
Microsoft FrontPage 97
Internet Connection Wizard (new)
Crystal Reports for Microsoft Small Business Server


Managing SBS 

After configuring my users and client machines, I started
to explore the management tools that come with
SBS. From the Start menu, you can select Manage
Server, which displays a full-screen GUI that lets the
day-to-day administrator manage and support the network
from one location.

SBS presents its management options on three tabs: 
Tasks, More Tasks, and Online Guide. The Tasks tab 
provides icons for troubleshooting and managing users, 
printers, email, shared folders, and backup and restore. 
Screen 2 displays the details for the Manage Connected 
Users task. Unfortunately, Screen 2 typifies the inconsistencies
in this beta version: the server had seven connected
clients accessing email, but the window displayed
only three connections. (Microsoft stated that
the problem I had may be a refresh problem with this 
particular function.) 

Screen 3 displays the Manage Shared Folders option 
from the Tasks tab. Instead of having to manage groups 
and memberships, the administrator can control access 
to folders, manage folder size, and move folders to different
drives. (You can also access Manage Connected
Users from this window.) 

Under the More Tasks tab, the administrator has
options for managing email distribution lists, hard disks,
computers, Internet access, and faxes, and adding or
removing software and hardware and publishing on the
Internet. Screen 4 shows the Manage Computers window,
where you can view networked computers, add or
delete a computer to or from the domain, and troubleshoot
common computer problems.

The Online Guide tab provides a feature that I hope
migrates to other Microsoft products. Much like the
regular Windows Help program, Online Guide combines
Contents and Find options in an interactive GUI.
But in addition to reading about a topic, you can complete
operations directly from the topic description
window. For example, I wanted to explore the
Emergency Repair Disk feature. My search produced
the Help window shown in Screen 5 (which I am sure
any computer novice can understand). After reading the
descriptions, I just clicked the here link and followed
the directions to create the Emergency Repair Disk. I
was also pleasantly surprised that a few of my actions
requiring a restart of the server automatically generated
an alert message (such as the one in Screen 6) on
the client computers.


■ Screen 1: Choosing options from SBS's To Do List

■ Screen 2: Managing connected users in SBS

■ Screen 3: Managing shared folders in SBS

■ Screen 4: Managing computers and troubleshooting problems in SBS

■ Screen 5: Using SBS's Online Guide feature

■ Screen 6: Viewing an alert message on the client system


Most of SBS’s Help pages have the theme: first display
an easy-to-read explanation or description, and
then provide an interactive option to complete the 
task. I found a few Help pages missing and I wanted 
page-forward and page-backward capabilities. When I 
proceeded down the wrong Help path, I couldn’t back 
out a page at a time but had to start at the beginning 
of the Online Guide. 


Smooth the Rough Edges 

A management tool I did not get to try is Crystal 
Reports for Microsoft SBS. From the Online Guide, 
I read that I could generate system reports from NT’s 
Event Viewer, and tables and graphs on email usage, 
Internet access, Web server statistics, and fax usage. 
Seagate Software Information Management Group 
makes Crystal Reports for Microsoft SBS, and 
Microsoft does not provide technical support for it. 
All my attempts to generate a report produced application
error messages.

Overall, I was pleased with SBS, and I’m excited 
about its potential. Microsoft has taken the powerful 
applications in the BackOffice suite and packaged 
them for the small business market. Giving small 
companies the network performance and communications
they need without requiring full-time MIS
support is a good idea. The SBS interface simplifies
installation, configuration, and day-to-day administration.
Based on what I saw in the beta version, however,
Microsoft has some work to do to smooth SBS’s
rough edges. 

If you’ve worked in the reseller channel, you know 
how painful growing and upgrading technology in a 
small business environment can be. With SBS, I 
installed and configured a robust applications server 
and seven client workstations in just 1 day. I easily 
created user accounts with permissions and access 
rights. Setup floppies let users effortlessly install and 
configure their workstation. 

Next month, in the second part of my SBS coverage,
I’ll describe how SBS handles applications support,
Internet connections via an Internet Service
Provider (ISP), and Web publishing. I’ll conclude my
report by looking at the remote control utilities available
through SBS.


LIST PRICE: $2199 for 5 users and $3629 for 25 users

CONTACT: Microsoft on 02 9870 2100

Web: http://www.microsoft.com/australia/products/backoff/sbs/
AHA-F940 and AHA-F950


Adaptec 

PCI-to-Fibre Channel host adapters provide storage 
interfaces for Windows NT 

Companies often use data-intensive applications, such as
client/server applications, online transaction processing,
data mining and warehousing, special effects production,
and Internet and intranet server applications. These
data-intensive applications require fast processors with large,
fast storage systems. Processor designers, such as Intel and 
Digital Equipment, are stepping up to the challenge by 
providing faster system solutions. 

Storage system manufacturers are doing the same. To 
increase data transfer speeds, they often use Fibre 
Channel Arbitrated Loop (FC-AL) interface technology. 
With FC-AL technology, you can attain data transfer 
speeds of 100Mbps. 

Faster Speeds and Longer Connections 

Faster speed is not the only benefit of FC-AL. With FC-AL,
you can connect as many as 126 widely dispersed
peripheral devices. You can use copper wiring to connect
peripheral devices that are up to 30 metres apart and 
fibre optic cabling to connect peripheral devices that are 
up to 10 kilometres apart. These distances are notable 
improvements over differential SCSI technology, which 
has a limit of 25 metres. 

A New Player in the FC-AL Market 

Adaptec, an industry leader in SCSI controllers and SCSI
chipsets, is entering the Fibre Channel market by introducing
two new adapters: AHA-F940 32-bit PCI-to-Fibre
Channel host adapter and the AHA-F950 64-bit PCI-to-Fibre
Channel host adapter. The adapters use Adaptec’s
new AIC-1160 PCI-to-Fibre Channel controller chipset.
This single-chip controller provides a full-speed Fibre 
Channel interface. The AIC-1160 uses an integrated RISC 
multitasking processor for its protocol engine. 

You can configure the AIC-1160 for arbitrated loop, 
point-to-point, or switched fabric links. It supports both
32-bit and 64-bit PCI data transfers over a full 64-bit PCI 
address range. 



Adaptec AHA-F940


Update Microcode Using Software

One useful feature of the AIC-1160 chipset is that you
can use software to update the microcode. You do not
have to replace a chip on the controller or replace the
controller. Other AIC-1160 features include:

• Built-in diagnostics

• Independent send and receive buffers for full-duplex
operations

• Independent PCI direct memory access (DMA) channels
for data and commands

• Zero-wait-state PCI bus master transfers with cache
line streaming

• PCI data and address parity generation and checking

• Programmable PCI latency timer, cache size, and interrupt
line select registers

Adaptec's a Viable Contender

Adaptec sent me a preview version of the AHA-F940
host adapter for review. The controller card looks clean.
Only a few components populate the board’s surface, and
the large AIC-1160 controller chip is in the middle.

I used an Amdahl FS Quad-Pentium Pro server with
the Raidtec Fibre Channel drive array to examine this
adapter. Setting it up was very easy. I just installed the
card, hooked it up to a drive array, booted the system,
and installed the drivers.

Next, I formatted the drives in the Fibre Channel
array and used them without any problems. I copied files
and installed SQL server databases. I also performed
queries and accessed files on the Fibre Channel array.
The AHA-F940 worked as it was supposed to. Its performance
was very good.

If you need the benefits of Fibre Channel technology,
consider the AHA-F940 and AHA-F950 adapters.
Adaptec is fully using Fibre Channel’s ability to provide
faster speeds and longer links between peripheral
devices.


- Dean Porter 


CONTACT: Adaptec distributed by Anabelle Bits
02 9384 8000

Web: http://www.adaptec.com

PRICE: AHA-F940 $1889
AHA-F950 $2099
NetServer E 45


Hewlett Packard 


A multipurpose server in a minitower chassis 

Perhaps you’re ready to expand your LAN to accommodate
more office space and employees, or your small
business needs to upgrade its current peer-to-peer network
to gain the benefits of an NT or NetWare environment.
If you need a server that facilitates growth, is
easy to use, and provides enterprise-level performance, 
the HP NetServer E 45 might be just the ticket. HP is 
targeting the NetServer E Series line at networks with 
25 to 50 workstations, and the HP NetServer E 45 is 
the top-of-the-line offering within this series. 

My first impression of the HP NetServer E 45 was 
a good one. Within minutes of opening the shipping 
box, I added the unit to the Windows NT Magazine 
Lab’s network and ran applications for 25 users. I evaluated
the HP NetServer E 45 by looking at four areas:
hardware, software, documentation, and performance. 

Sizing Up the Server 

HP sent the NetServer E 45 preconfigured with 
Windows NT 4.0, Service Pack (SP) 3, a 266MHz 
Pentium II processor, 512KB L2 write-back cache, 
128MB of RAM, one 3.5" floppy drive, a 24X IDE 
CD-ROM, and three 4GB SCSI hard disks. HP offers 
options for a 233MHz processor, up to 384MB of 
RAM, and different sizes and types of storage devices. 

The chassis features the standard HP sliding case; 
you flip two catch levers on the sides and the case 
slides toward the front and off. The internal configuration
was not what I had expected. I found a separate
fan and cooling duct for the Pentium II CPU that you
simply lift up and out of the chassis. From here, you
can access the entire motherboard. You can easily
remove the Pentium II CPU and the Voltage
Regulator Module (VRM), or replace the RAM. The
motherboard occupies only the top half of the chassis
with the I/O slots on a back-plane bus that extends 90
degrees from the main board. Expansion cards are 
installed parallel to the main board. The lower half of 
the chassis contains the storage drive slots and power 
supply. 

Hooking It Up 

On the software side of the server is the HP NetServer
Navigator CD-ROM, which comes standard with all
HP NetServers and includes several integrated utility
management tools. The Navigator CD-ROM is a
bootable CD-ROM designed to get the Server up and
running immediately. To test the Navigator CD-ROM,
I reformatted the hard disks and started with a
clean system. From the CD-ROM, the NetServer
booted into MS-DOS and displayed the HP Navigator
Window GUI. I followed the onscreen instructions
and selected the Installation Assistant. The process then
asked which network operating system (NOS) I wanted
to install: OS/2, Microsoft, Novell, SCO, or other.


HP NetServer E 45

After selecting the Microsoft NOS, I chose the 
Automated NOS. I was using a beta version of HP 
NetServer Navigator and ran into a few glitches; but all 
things considered, the process worked fine. The HP 
Configuration Assistant 2.0 took me step-by-step 
through installing the NOS, selecting configuration 
parameters, and updating the system BIOS. HP 
NetServer Navigator created a DOS utility partition, and 
asked me for input information, such as the computer 
name, the Administrator’s password, and the domain 
name. I also had to supply the NT Server CD-ROM. 


CONTACT: HP 03 9272 2895
Web: http://www.hp.com

PRICE: $9500
The entire process of booting from the CD-ROM
through installing and successfully joining the domain
took fewer than 50 minutes. During that time, I took
several coffee and email breaks, which left the system
waiting for me to click Continue. After installation,
the system ran flawlessly, including the management
utilities available on the Navigator CD-ROM.

The Navigator CD-ROM includes a variety of 
support utilities. One important utility is HP 
NetServer Assistant, which includes the HP Support 
Anywhere agent, and other management tools that 
monitor the server for potential hardware problems. 
HP NetServer Assistant generates alerts for power 
supply failures, memory, disk capacity, and I/O slot 
failure, and you can customise the utility to allow 
control from a remote PC. HP Support Anywhere 
uses Simple Network Management Protocol (SNMP)
for communicating alerts and configuration information.
Some additional utilities include Symantec’s
pcANYWHERE32, to remotely control the server;
HP Information Assistant, which provides a GUI 
interface for system specifications, notes, accessories, 
configuration, and optimisation; and HP Diagnostic 
Assistant, to confirm hardware configurations and test 
for common problems. 

If the HP NetServer E 45 crashes, all the critical
technical data you need is on the Navigator CD-ROM.
However, you must install the HP Information
Assistant, as shown in Screen 1, on a client PC to view
the necessary data. Because of this requirement, you
need a working PC next to the NetServer to reference
the Navigator CD-ROM. Alternatively, you can
print all 300 pages of the information. 

HP offers several support options, including same- 
day, second-day, or 24-hour support packages for 
3 years. Standard with the product is 1-year, on-site, 
next-business-day support, which your local reseller 
or HP’s customer support delivers. 

The Owner's Manual 

The HP NetServer Navigator documentation is available
in five languages and includes the Installation
Roadmap, which is superb. The Roadmap steps you 
through installation in a well-documented, detailed 
manner and has diagrams for everything from 
installing expansion cards to setting SCSI jumpers. 

The NetServer hardware documentation is adequate,
but I take exception to the heavy emphasis on
CD-ROM based content. A technician enjoys a printed
manual with product descriptions, diagrams, and
detailed technical information. A printed manual lets
you fully repair and replace every major component,
and troubleshoot the majority of system problems
without having to scrounge up another PC just to
read the documentation.


■ Screen 1: Viewing the Information Assistant Window and GUI


How It Performed

For my performance tests, I used the Lab’s standard
configuration: a set of client machines on a 100Mbps
Ethernet network that simulates the workload of multiple
users. I used Bluecurve’s Dynameasure for File
Services 1.5 as the workload engine. The combination
of Dynameasure and the Lab’s test environment simulates
typical user workloads and provides quantitative
benchmarks that you can use to compare hardware
and software performance.

For a comparison test system, I used a brand-name
server with quad 166MHz Pentiums, 512MB of
RAM, four SCSI hard disks, and an Intel
EtherExpress Pro/100 Adapter running NT 4.0 and
Service Pack (SP) 2. I selected the Copy All Bi-directional
tests because of the random order of 16 different
transactions that copy compressed data, uncompressed
data, binary files, text files, and image files
between the server and the clients. Because HP targets
the HP NetServer E 45 for 25 to 50 workstation networks,
I tested a range of 10 to 100 users. The results
surprised me. With up to 40 users, the HP NetServer
E 45 could perform as well, if not better, than a quad
Pentium system.

Overall, the HP NetServer E 45 was impressive. It
was easy to install and use across the network, and the
performance was outstanding. Not bad for a system in
a minitower chassis.

— Carlos Bernal


Network Node Manager for
Windows NT


Hewlett Packard


HP OpenView's flagship sails in NT waters

Network Node Manager (NNM) is the flagship of the
HP OpenView suite and acts as a powerful network management
tool.

When you first run NNM, it uses standard discovery 
utilities and protocols, such as ping, Simple Network 
Management Protocol (SNMP), and Address Resolution 
Protocol (ARP) to discover all the active nodes in your 
immediate network. With this information, NNM creates 
a network map to illustrate your network’s topology and 
contents. 

NNM is not limited to your immediate network. You 
can point NNM at routers or give it specific network 
ranges, and NNM will discover information about additional
networks or network segments. You can then maintain
the information as part of your main network map, or
you can create and save separate maps.

Besides laying out your network, NNM lets you look 
inside each node. NNM shows which computers are Web 
servers, FTP servers, and more. Because NNM uses SNMP 
as the basis for its management, it can manage a broad array 
of networking products: routers, bridges, network printers, 
intelligent hubs, or any device that supports SNMP. NNM 
can detect nodes that do not support SNMP, but NNM 
cannot manage them. 

Your level of control over a node depends on the capabilities
of the SNMP agent on that node and the operating
system (if any) the node is running. For example, if you 
select an NT node, you can run a variety of standard NT 
tools (e.g., Event Viewer, Registry Editor, Windows NT 
Diagnostics) on that node to gain more information. This 
level of information is not available for Windows 95 or 
other desktop operating systems. 

NNM installed easily on a 133MHz Pentium with 
64MB of RAM. HP designed NNM to run as a network 
management console, so if you want to track or trap network
problems, don’t run other applications on the console.

NNM replaces the standard NT SNMP agent software 
with the HP SNMP agent software, which reports more 
information to the NNM console than the standard NT 
SNMP agent software; so, also consider implementing HP’s 
agent on your NT workstations. NNM works with other 
vendors’ SNMP agents, but you will get more information 
if you use HP’s agent. 

Watching NNM go through the discovery process was
scary. If you’ve ever played with hacker tools, you know
where hackers get some of their ideas. NNM dutifully
probes your network, using discovery tools to locate each
system on it. Because NNM uses standard open protocols,
nothing is fishy about its discovery methodology.
Currently, NNM can detect both TCP/IP and IPX systems,
but not NetBEUI-only systems.


Viewing the topology and contents of a network with a map
NNM created

After NNM discovers all the nodes in your network, it 
monitors them for changes. As it supports various alert 
capabilities, it can also notify you by email. 

Most networks consist of multiple segments, and NNM 
lets you view your network from different perspectives. A 
high-level view represents your main network segments, or 
you can look at specific nodes on specific segments. NNM 
propagates any problem in a network segment up to the 
high-level view, and you can easily navigate from the
high-level view to the detailed view.

When your network has a problem, you simply navigate
to the node and use NNM’s diagnostic tools to analyse
the problem. You can also use NNM as a monitoring tool
to view statistics for nodes or network segments, and you
can set up traps to alert you when certain conditions arise.
For example, NNM can tell you when you exceed a
threshold of network errors or reach a specific level of network
utilisation.

NNM is reliable and easy to use, and you can integrate 
it into any size of network. You can easily combine NNM 
with other system and network management products, 
including Microsoft Systems Management Server (SMS) 
and CA/Unicenter. If you need a rock-solid, SNMP-based
network management product, look at NNM. 


— John Enck 
CONTACT: HP 03 9272 2895

Web: http://www.hp.com/openview

PRICE: $8000 (for 250 nodes)
Veranda


Tally Systems 


Track your messaging resources 

If you need to track the use of your messaging resources,
Tally Systems’ Veranda is a product you need. This
enterprise-level electronic messaging reporter keeps track of
email, fax, and Internet resources. The software lets managers
consolidate information about resource usage into a
central location and run any predefined or custom report
on Veranda’s database.

To provide this reporting capability, Veranda lets you
establish a series of resources. With each resource, you provide
the name of a log file another software package generates
on your system (e.g., a “sent mail” log from your Simple
Mail Transfer Protocol - SMTP), or the name of a data file
that contains transaction data Veranda will load and use for
analysis. It also lets you perform preprocessing steps, in case
you must alter the data before Veranda uses it.

The software supports many different resource types, 
such as Microsoft Exchange Server, Lotus Notes, proxy 
servers and fax resources. Although the product promises 
adaptability using PRML (a proprietary data definition language),
you cannot define your own resources - the product
limits you to those resources that Tally Systems supports
and your license allows. 

The software includes a user’s manual and an administrator’s
manual that total 536 pages. Both manuals are in
Adobe Acrobat .pdf format on the distribution CD-ROM. 

I ran setup.exe in the root directory of the CD-ROM. 
The software gave me three installation options: Report 
only, to access an existing Veranda database and generate 
reports on it; Administrative, to have full read and write 
access to the database; and Custom, to select components. 

Veranda requires a SQL database engine to store its 
data. The product includes a copy of Sybase’s SQL 
Anywhere, which is the default choice. If you use SQL 
Server, you must set up your database manually. I chose 
SQL Server, and the documentation walked me through 
setup without incident. 

After you install the product, you are ready to configure
your users and resources. This portion of the installation can
be quick or time-consuming, depending on how complex
you want your reporting environment to be.

To configure the software, run the main Veranda executable
program from the Veranda program group on the
Start menu. This program, the Veranda Enterprise
Messaging Reporter (EMR) Manager, uses an Explorer-like
interface for resource and report management, as
shown in Screen 1.

Screen 1: Viewing the Veranda EMR Manager

To complete setup, you need to define your users,
resources and charges. Veranda lets you group users and
resources into common folders - for example, if you have
a multisite company, you can create site folders, create
department folders to place in the site folders and place
users within the department folders. With resources, you
can have only one level of resource folders - for example,
fax resources, Internet resources, and email resources - to
group the resources you define.

After you complete setup and import all the necessary 
reporting data, you are ready to use the Reports index tab. 
From this tab, you can run any number of reports on the 
data you collect. 

When you select the Reports index tab, you’ll see two 
generic folder classifications: Veranda Reports and Selected 
Reports. Veranda Reports are reports that Tally Systems 
ships with its product. Selected Reports are reports you 
choose from the Veranda Reports. To add a report to your 
Selected Reports, simply click it in the Veranda Reports 
folder and drag it to your Selected Reports folder. 

After I configured the software to monitor my Exchange 
Server and RightFAX resources, I used several Veranda 
Reports to generate statistics on my email and fax usage. 
When I created charges associated with the different 
resources and grouped my users into departments, I could 
make comprehensive bill-back reports for each department. 

Veranda is a boon for mid- to large-size organisations 
that need to get a handle on their messaging resources. 
The reporting capabilities of the software are unparalleled 
by any other product. 

—Michael P. Deignan 



Tally Systems distributed by Pixel 
Productions 1800 674 935/ 03 9727 0111 
Web: http://www.tallysys.com 

























Astra SiteTest


Mercury Interactive 


Determine your Web site's throughput limitations 

If your Web site is growing and you are concerned about
performance, I know a product you need to consider.
Mercury Interactive created Astra SiteTest to let Web masters
stress test their Web site easily, with minimal testing
resources.

Astra SiteTest is the easiest program I’ve used to test
Windows NT Magazine's Web site. When I first launched the
program, a start screen asked whether I wanted to use the
scenario wizard, open an existing scenario, or create a new
scenario. Because I hadn’t used the product before, I chose
the wizard, shown in Screen 1. The wizard lets you create a
scenario in a four-step process: select the script, configure
the number of virtual users, set rendezvous points, and
determine transactions.

Creating a Script

If you don’t already have a script, you can create a new one
with the Virtual User Generator tool. To generate a test
script, run Virtual User Generator from the wizard or the
program group. When I launched Virtual User Generator, it
started my browser and recorded the pages I visited and the
actions I performed on each page. When I finished browsing,
I simply saved the script. Using the interface is as easy
as pressing Record on a tape recorder and then pressing
Stop when you’ve finished recording.

This script is a text file, which you can easily edit with
Microsoft Notepad. Each line of the script represents one
of five types of statements: http get, rendezvous, transaction,
FormSubmit, and server login. Http get is the most
common statement and references each universal resource
locator (URL) for the script to access. The script I used for
my test is shown in Listing 1, which includes four of the
five types of statements (the script does not use server
login).

What Is a Vuser? 

To understand user behaviour at your Web site, Astra 
SiteTest lets you create virtual users (vusers) to simulate 
Web users. Vusers traverse the Web site simultaneously, but 
they don’t stop and read—vusers just move from page to 
page. However, Astra SiteTest lets you create a think time 
for vusers to simulate users reading a page. I selected the 
range to be 0 milliseconds, which forced the vusers to go 
immediately to the next page without pausing, because I 
was more interested in pounding the server to see how it 
performed with an extreme load. 

Screen 1: Viewing the scenario wizard

Screen 2: Testing the performance of a Web machine

Choosing the number of vusers depends on several variables,
because the number of vusers does not correspond
directly to the number of real users. The amount of RAM
on your test machine also plays an important part in the
number of vusers you can run. Initially, I selected 30 vusers,
but the test failed. I soon learned that each vuser needs
about 2MB of RAM. Because I had only 64MB of RAM,
I needed fewer vusers to allow for system overhead. I used
20 vusers to perform the final testing, which worked well.

Because of the lack of direct correspondence, I looked 
at my Web log to calculate what 20 vusers would mean in 
real terms. I analysed the average response time, the average 
time spent between pages, the number of users on the site 
at a given time, and the number of simultaneous requests. I 
found that 200 real users create 1.5 to 1.75 simultaneous 
requests. This calculation means that 20 vusers equal 7000 
real users (20 users X 1.75 requests X 200 real users). 

Transactions and Rendezvous Points 

The wizard lets you select which transactions to use and
which rendezvous points are active. You must manually
add rendezvous points and transactions to a script.
Rendezvous points let vusers wait for other vusers to join
them so that they can enter an area together,
which creates a peak load on the
server. You can disable or enable rendezvous
points anytime during a test scenario,
and you can set how many vusers
will rendezvous.

LISTING 1: A Sample Test Script

lr_start_transaction("main");
URL("http://www.winntmag.com/index.html");
URL("http://www.winntmag.com/news/Sneaking040897.html");
URL("http://www.winntmag.com/main/main.dbm");
URL("http://www.winntmag.com/issues/reprints.html");
URL("http://www.winntmag.com/issues/adindex.cfm");
lr_end_transaction("main");
lr_rendezvous("forums_meeting_point");
lr_start_transaction("Forums");
URL("http://www.winntmag.com/forums/main.html");
URL("http://www.winntmag.com/Forums/Conf_ThreadList.cfm?CFApp=8&SwitchForum=60&un=lmrg7rs");
URL("http://www.winntmag.com/Forums/Conf_ThreadList.cfm?CFApp=8&SwitchForum=9&un=lmrg7un");
URL("http://www.winntmag.com/Forums/Thread.cfm?CFApp=8&ThreadID=5733&mc=1");
lr_end_transaction("Forums");
FormSubmit("http://www.winntmag.com/info/wordsearch.dbm",
    "Word_required", "You must enter a word.",
    "word", "Fault Tolerance",
    ENDFORM);
FormSubmit("http://www.winntmag.com/info/wordsearch.dbm",
    "Word_required", "You must enter a word.",
    "word", "Backup",
    ENDFORM);

You can automatically define transactions
in the script to measure a set of URL
interactions. I defined portions of my
script as specific transactions to quantify
the performance of my search portion of
the script and the URL interactions in the
Windows NT forums. I did this measurement
by placing lr_start_transaction(“name”)
and lr_end_transaction(“name”)
in the script. After the scenario finishes, the
analysis starts automatically and displays
the performance for each of my transactions
in a graph.
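
As an added illustration (not from the article or from Mercury Interactive), this Python sketch reads a script written in the statement style of Listing 1 and reports which requests each transaction times, which rendezvous points exist, and whether any transaction is left unbalanced. The function names and the shortened sample script are constructed here; the server login statement is reported as unrecognised because the article does not show its syntax.

```python
import re

# Constructed sample in the statement style of Listing 1 (shortened).
SAMPLE_SCRIPT = '''
lr_start_transaction("main");
URL("http://www.winntmag.com/index.html");
URL("http://www.winntmag.com/main/main.dbm");
lr_end_transaction("main");
lr_rendezvous("forums_meeting_point");
lr_start_transaction("Forums");
URL("http://www.winntmag.com/forums/main.html");
lr_end_transaction("Forums");
FormSubmit("http://www.winntmag.com/info/wordsearch.dbm",
    "Word_required", "You must enter a word.",
    "word", "Backup",
    ENDFORM);
'''

# A statement is name(arguments); and may span several lines (FormSubmit).
STATEMENT = re.compile(r'(\w+)\s*\((.*?)\)\s*;', re.S)

# Statement names that appear in Listing 1, mapped to the article's terms.
KINDS = {
    "lr_start_transaction": "transaction_start",
    "lr_end_transaction": "transaction_end",
    "lr_rendezvous": "rendezvous",
    "URL": "http_get",
    "FormSubmit": "form_submit",
}


def parse_script(text):
    """Return a list of (kind, statement_name, quoted_arguments) tuples."""
    statements = []
    for match in STATEMENT.finditer(text):
        name, raw_args = match.group(1), match.group(2)
        args = re.findall(r'"([^"]*)"', raw_args)  # bare ENDFORM is skipped
        statements.append((KINDS.get(name, "unknown"), name, args))
    return statements


def summarise(text):
    """Group requests by the transaction that brackets them.

    Assumes transactions are not nested, as in Listing 1.
    """
    transactions, rendezvous, untimed, problems = {}, [], [], []
    current = None  # name of the transaction that is currently open
    for kind, name, args in parse_script(text):
        first = args[0] if args else ""
        if kind == "transaction_start":
            if current is not None:
                problems.append(
                    f"transaction {first!r} starts while {current!r} is open")
            current = first
            transactions.setdefault(current, [])
        elif kind == "transaction_end":
            if current != first:
                problems.append(
                    f"end of {first!r} does not match open transaction {current!r}")
            current = None
        elif kind == "rendezvous":
            rendezvous.append(first)
        elif kind in ("http_get", "form_submit"):
            # Requests outside any transaction are sent but not measured.
            target = transactions[current] if current is not None else untimed
            target.append(first)
        else:
            problems.append(f"unrecognised statement {name!r}")
    if current is not None:
        problems.append(f"transaction {current!r} is never ended")
    return {
        "transactions": transactions,
        "rendezvous": rendezvous,
        "untimed": untimed,
        "problems": problems,
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_SCRIPT)
    for txn, urls in report["transactions"].items():
        print(f"{txn}: {len(urls)} request(s)")
    print("rendezvous points:", report["rendezvous"])
    print("requests outside any transaction:", report["untimed"])
    print("problems:", report["problems"] or "none")
```

Requests listed under "untimed" are still issued by every vuser but do not appear in any per-transaction graph.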

Testing 

Mercury Interactive designed Astra SiteTest 
to run on one testing machine. You then 
use this machine to test performance 
against your Web machine; you don’t need 
additional client machines or a controller 
machine. Because of this simple design, I 
was ready to immediately start testing after 
installing the software. Screen 2 shows the 
tests that were ready to run. 

I used Astra SiteTest on several Web site
configurations. The most interesting test
was against a new Web server designed for
larger Web sites than mine. This machine
was a quad 200MHz Pentium Pro with
1GB of RAM and eight 4GB hard disks on
a RAID controller. I configured it with NT
4.0 running Internet Information Server
(IIS) 3.0 and SQL Server 6.5. I had planned
to replace my two original Web servers
with this machine.

My test revealed that the machine did
not perform better than the original Web
servers. This performance was based on
response times, number of errors, and timeouts.
In fact, running IIS and SQL together
caused worse performance. The machine
timed out on several page requests when
tested with 20 vusers. I tried the test again
with 10 vusers. The machine still failed to
serve some pages, and again timed out on
requests.

As a result of this test, Astra SiteTest gave
me quantifiable data to tell the machine’s
manufacturer. The machine did not perform
to my expectations or the manufacturer’s
claims, even after the manufacturer
reconfigured it. Astra SiteTest proved that
the best solution (when my machine is
running IIS and SQL server) is to use two
machines: one running IIS and the other
running SQL Server.

A Laudable Product 

I loved using Astra SiteTest—thumbs-up to
Mercury Interactive. The documentation is
a little thin, but the interface is so easy to
use, I didn’t even need the documentation.
The product has so many graphs to choose
from in the analysis phase that I had a difficult
time deciding which one to use.
However, everything is grouped in logical
categories—after I looked at all the graphs,
I knew which one I wanted.

If you are maintaining a Web site, Astra
SiteTest is a must-have tool. It has helped
me rethink my Web site strategy and start
implementing a design that will handle
traffic volume and growth, before my Web
site goes live.

— John Bredehoeft 



Mercury Interactive 
02 92237666 

Web: http://www.mercury 
$15,000 for 50 virtual users

Winterm Wireless 2930


Wyse Technology 

Wyse's new Windows terminal is a wireless 
and keyboardless wonder 

A lot of products come and go through the Windows NT 
Magazine Lab. When we receive a product that grabs our 
attention, you can be sure the product is unique. Wyse 
Technology’s Winterm Wireless 2930 clearly falls into this 
category because it is the first device we’ve seen that offers 
mobile, keyboardless access to existing DOS, 16-bit 
Windows and 32-bit Windows applications. 

With the Winterm Wireless 2930, you can walk around 
your office building while you gleefully cruise the Web. 
Medical professionals can use the terminal to update 
patient information as they make rounds in a hospital. 
Quality control engineers can use the terminal to track 
production in large manufacturing operations. Any place 
you want computer access but cannot reasonably put a 
computer is a good place for the Winterm Wireless 2930. 

To deploy the Winterm Wireless 2930, you must build a 
supporting infrastructure using the following components: 

• An Intel-based server running Citrix Systems’ 
WinFrame: the WinFrame server is the application 
server for the environment. WinFrame can host DOS, 
16-bit Windows, and 32-bit Windows applications. 

• At least one wireless hub: the hubs give the Winterm
Wireless 2930 entry points into your traditional LAN.
You can overlap hub coverage to provide seamless
connectivity throughout a building.

• CruiseConnect by Cruise Technologies: CruiseConnect
manages the connection between the terminal
and the server and handles the difficulties that can
crop up when a terminal moves from one hub zone
to another.

You can buy these items individually, or you can purchase a
starter kit from Wyse that includes a terminal, a wireless
hub, a copy of WinFrame and the CruiseConnect software.

Putting the Pieces in Place

I evaluated Wyse’s starter kit, which included the Winterm
Wireless 2930, a Proxim RangeLAN2 Access Point
(model 7520) wireless hub, and version 1.6 of WinFrame
with five user licenses. The CruiseConnect technology is
integrated into the Winterm Wireless 2930 (no setup or
configuration required) and comes on a CD-ROM for
the server side of the link.

The first step in deploying the Winterm Wireless 2930
is to install WinFrame on a server. Wyse does not modify
the WinFrame software it provides in the starter kit - you
can use an off-the-shelf version of WinFrame 1.5 or 1.6.
WinFrame is based on Windows NT Server 3.51, so make
sure you install it on a server that contains components,
such as video adapters, that NT 3.51 supports. I overlooked
this point and ended up swapping out my network
and video adapters for NT 3.51-friendly adapters. For
additional information about WinFrame, see Mark Smith,
“Thin Is In,” October 1997.

Installing WinFrame is as easy as installing NT 3.51,
although you need to take a few extra licensing steps. After
you install WinFrame, you must apply additional
WinFrame Service Packs (SPs). Never install Microsoft
NT SPs on a WinFrame system; always use the WinFrame
SPs that combine the NT SPs with WinFrame-specific
modifications. Wyse provides documentation on which
SPs you’ll need, and includes them on CD-ROM.

If you plan to use the Winterm Wireless 2930 in an all-IP
network environment, forget it. The current combination
of the Winterm Wireless 2930, the wireless hubs, and
the CruiseConnect software relies on IPX as the network
protocol. (Wyse Technology claims that as of this writing,
TCP/IP has replaced IPX.) Under the Wyse wireless network
design, the WinFrame server uses the Service
Advertising Protocol (SAP - part of the IPX protocol
suite) to broadcast the server’s availability on the network.
The Winterm Wireless 2930 picks up those broadcasts to
identify which servers are available.

I connected my WinFrame server to a 10Mbps
Ethernet network. I enabled support for both TCP/IP and
IPX. I didn’t need the TCP/IP protocol for the Winterm
Wireless 2930, but I wanted the manageability that comes
with TCP/IP (e.g., support for ping, FTP, Simple
Network Management Protocol - SNMP). At this point,
I had to install the CruiseConnect software on the server
using the Wyse-provided documentation and CD-ROM.
This operation was painless and uneventful.

After I had the WinFrame server in place and humming,
I moved to the next step — installing the wireless
hub. The Proxim hub I received in the starter kit hooked
into my Ethernet network with ease and supported
connections within a 500-foot radius. If I needed additional
coverage, I could have deployed additional hubs in
overlapping zones. The Proxim hub supports IP and IPX, so
you can integrate into an IP-managed network. However,
because I was using only IPX, I ignored the IP configuration
of the hub. In a real IP network, you want to at least
set up the IP address of the hub so you can manage it as
part of your IP network. Because I could ignore the IP
configuration of the hub, all I had to do was connect the
hub to my network and a power source, and turn it on.

Cruising the Lab with the Winterm
Wireless 2930

With my infrastructure in place, I picked up the Winterm
Wireless 2930 and turned it on. The terminal is 9.8" tall
and 10.6" wide and weighs 3.2 pounds. It’s a lot bigger
than a palmtop but a lot smaller than a laptop. The
Winterm Wireless 2930 runs off a NiMH battery for up
to 3 hours. Protective rubber housing runs around the
edge of the unit, so if you drop it, it might survive.

The Winterm Wireless 2930 felt comfortable in my
hands when I walked around with it. Using it on the fly
requires a skill set similar to using a clipboard on the fly.
So if you can’t write on a clipboard while you’re standing,
chances are good that you won’t be able to use the
Winterm Wireless 2930 either.

The display on the Winterm Wireless 2930 is a VGA-compatible
LCD screen similar to a screen on a laptop
computer. Note that I said VGA and not SuperVGA - the
difference between the two display implementations is
important because VGA limits you to 16 colours; you
won’t be walking around with the Winterm
Wireless 2930, admiring photos you’ve scanned in.
(Wyse Technology claims that a 256-colour client software
upgrade will be available by the time you read
this review.)

The Winterm Wireless 2930 includes a stylus to simulate
onscreen mouse clicks. The left side of the terminal
includes a number of push-button controls that you can
use to configure the unit, control the display brightness
and contrast, activate the onscreen keyboard, change
between right and left-click mouse emulation, invoke
two macro key functions, enable and disable sound, and
put the terminal into sleep and suspend mode.

When you turn on the Winterm Wireless 2930, it
searches the network for compatible servers. If you
installed your infrastructure correctly, you will see the
name of your WinFrame server appear. Simply use the
stylus to select a host and press the Connect option. The
Winterm Wireless 2930 will then connect to the
WinFrame server and the next thing you’ll see is the
WinFrame logon screen. You can log on by activating the
onscreen keyboard and pressing the appropriate keys, or
you can preprogram your username and password into
the macro buttons and press them to log on.

Once you’re connected to the WinFrame server, using
the Winterm Wireless 2930 is just like using a Wyse
windows terminal, except you don’t have a separate keyboard.
Because the stylus emulates a mouse, you can press
it to the screen to simulate a right or left mouse click.
When you need to press specific keys, just pop up the
onscreen keyboard and press the keys you need. I could
not find any keyboard or mouse activities that I couldn’t
simulate on the Winterm Wireless 2930, but some operations
were clearly easier than others.

For me, the best test of the Winterm Wireless 2930 was
when I downloaded Internet Explorer (IE) 3.0 for
NT 3.51 and cruised the Web. The Winterm
Wireless 2930 provided a very natural interface to the
Web - I could touch the stylus to a hotlink to move forward,
or I could press Back to go back.

I would love to have this terminal nearby for Web 
access - you can hold it in your lap, sit back and cruise 
the Web with grace and ease. However, I would not use 
the Winterm Wireless 2930 for word processing or 
spreadsheet applications because keyboard-intensive 
applications are not a good fit with this technology. 

A Wyse Future? 

While I was using the Winterm Wireless 2930, I kept
thinking of cheesy science fiction movies where someone
reads a newspaper on a digital tablet or one engineer presents
a digital tablet for another engineer to look at. I was
holding that device in my hand - I could use the
Winterm Wireless 2930 to read an online newspaper, to
run Performance Monitor, or to access any other application
on my WinFrame host.

The Winterm Wireless 2930 impressed me and I recommend
it for any mobile application that has minimal
keyboard interaction. While it does not pose a threat to
traditional desktop computers, traditional desktop computers
pose no threat to the Winterm Wireless 2930.
These two different types of devices are designed for different
applications. I’ll never write a review using this
terminal, but I’ll never put my desktop computer in my
lap to cruise the Web. My universe certainly has room for
both types of devices.

—John Enck 

Wyse Technology 1800 659 508 
Web: http://www.wyse.com 
Forging NT's future


NT 5.0 has new features but
requires major network changes


Since we previewed some of NT 5.0’s features in last year’s June
issue, Microsoft has continued to announce new plans for its
upcoming OS - which could explain its continuing delay. While Bill
Gates had seemed optimistic about 5.0 hitting the market halfway through
this year, it’s now largely recognised that it will only arrive much later.
Yet the news isn’t all bad, for at least the new features that Microsoft
announced at the latest Professional Developers Conference (PDC) will significantly
improve NT. More specifically, the new developments take place in
five main areas: the Active Directory (AD), security systems, infrastructure,
hardware support and networking tools.

Compelling New AD Features That You Might Lose Out On 

From the beginning, NT 5.0’s directory service, AD, has been in the spotlight. 
Microsoft intends AD to be a big, flexible, distributed, fault-tolerant database 
containing user account information, network shares information, security 
data, shared applications, and just about anything else that you want to put in 
it. AD eliminates or severely modifies the current notion of local and global 
groups, trust relationships, the Network Neighborhood, and user accounts. 

Installing NT 5.0 and its directory service on your existing network
will yield some positive features, but migrating to NT 5.0 will require major
changes in your network. Most firms won’t be able to switch all their
domain controllers to NT 5.0 simultaneously, which means that many companies
will live in a mixed environment including NT 3.x, 4.0, and 5.0 systems
for a while. However, unless you convert every domain controller to
NT 5.0, you will lose out on two compelling AD features: multimaster replication
and nested groups.

Multimaster replication is an improvement that’s long overdue. In NT 3.x
and 4.0, user account information for a domain resides only on the Primary
Domain Controller (PDC). Backup Domain Controllers (BDCs) contain
copies of that information. If you want to change user account information
(such as resetting a forgotten password or creating a new account), you must
connect directly to the PDC - a major pain in large networks. But with NT
5.0, you can update account information at any domain controller, as long as
you have a pure NT 5.0 environment.

The Global Catalog (GC) helps make multimaster replication possible.
Different domains in an enterprise share a GC, which contains summarised
information (e.g., user accounts and shares) about all the enterprise’s
domains. When you’re logging on to one domain from another domain, the
local domain controller can’t authenticate you directly because it doesn’t
contain a user account for you. So, with the GC’s help, the local domain controller
determines what domain you belong to and the name of a domain
controller in your domain.



Although an enterprise has only one 
GC, you can set up GC replicas anywhere 
in the enterprise. Thus, GC management 
will be an important part of NT 5.0 
administration. 

Another attractive feature of NT 5.0 is
that you can nest groups. For example, you
can create a group called Perth-managers
inside another group called Perth-employees,
which in turn might reside in a
third group named Australian-employees,
which finally resides in a group
named Employees. You can’t nest groups in
NT 3.x or 4.0 - and you can’t nest groups
in NT 5.0 until you’ve converted the last
NT 3.x and 4.0 domain controllers.

Nested groups and multimaster replication
will not work in a mixed environment
because of the way in which NT 3.x and
4.0 systems look up security information.
NT 5.0 domain controllers can pretend to
be NT 3.x and 4.0 domain controllers for
compatibility purposes, but once they flex
their wings and act like full-fledged
NT 5.0 domain controllers, the way in
which they arrange user accounts would
confuse an NT 3.x or 4.0 BDC.

So why doesn’t Microsoft simply create a
service pack to modify how an NT 3.x
or 4.0 domain controller searches a
domain’s account information? According
to a Microsoft program manager, Microsoft
could certainly create a service pack to let
NT 5.0 operate in a mixed NT environment
without sacrificing features, but “customers
won’t accept” another service pack.
This response is odd when you consider
that Microsoft will release a service pack
for NT 4.0 because NT 5.0 incorporates a
new NTFS format, called NTFS 5.
Apparently, disk formats are important
enough to warrant a service pack, but the
directory service isn’t!

In addition to multimaster replication
and nested groups, NT 5.0’s AD has another
important development: a networked
Registry called the Class Store. Each
Organisation Unit (Microsoft’s term for a
subpart of a domain) has a Class Store. The
Class Store is a list of all available applications
and where to find them.

For example, suppose I send you an
email with an attachment in Portable
Document Format (PDF). Because Adobe
Acrobat creates .pdf files, to read the file,
you need Acrobat Reader, which you don’t
have on your system. When you try to
open the .pdf file, your NT 3.x or 4.0 system
searches the local Registry, discovers
that the necessary software is missing, and
realises that it doesn’t know what to do
with the .pdf file. So NT gives you a dialogue
box that says, in effect, “I don’t know
what to do with a .pdf file, but I do know
of these programs: Word, Notepad, and so
on. Can any of them read a .pdf?”

In contrast, if NT 5.0 can’t find the
appropriate software in the Registry, it
queries AD’s Class Store about the software.
The Class Store might respond, “Oh,
yes, I know what program you need for
.pdf. You can install this program from a file
named \\APPSVRS\ADOBE\ACROBAT.CAB,”
or perhaps, “You can find a
program that handles .pdfs at
http://www.adobe.com/acrobat/acroread.zip.”
The Class Store extends
HKEY_CLASSES_ROOT on your
machine to a distributed directory of applications,
whether the applications are local
(via a universal naming convention or universal
resource locator - URL) or distant
(via a URL).

Kerberos Is Not the Only Guard 
Dog in Town 

With NT 5.0, to borrow from Firesign
Theatre, “everything you know is wrong.”
Current network logons rely on a variation
of the NT LAN Manager (NTLM)
authentication system, which has been
around since the LAN Manager days. (For
background on NTLM logons, see my column
“Windows NT Logons,” August
1997.) NTLM is a tad inefficient, so
Microsoft originally decided to embrace an
old standard, the Kerberos authentication
system. Because Kerberos uses passwords for
authentication, you can easily build transitive
trust relationships, which are an important
part of NT 5.0’s big network nature.
(For more information about Kerberos, see
my Inside Out column “Kerberos and
NT 5.0,” October 1997, and Michael E.
Chacon, “Kerberos Is on Guard in
Windows NT 5.0,” November 1997.)

Kerberos is the security blanket for NT
5.0 - or at least that was the story at last
year’s PDC. At this year’s PDC, Microsoft
demonstrated a growing affection for public-key
authentication rather than password-based
(also known as shared-secret)
security systems. Kerberos will be the
default security system, but you can also
use an X.509-compatible public-key
authentication system. In addition, you can
use an NT server as your own key server.
In other words, you will have your own
certificate authority.

Public-key systems have drawbacks,
however. One disadvantage is that passwords
on public-key systems are enormous
and impossible to memorise. Currently, the
most popular solution to this problem is
smart card systems. The Microsoft representatives
were pushing smart card technology
for NT 5.0 quite a bit at the PDC.

To audit your public-key or password-based
security system, you can use NT 5.0’s
Security Configuration Editor. This feature
performs two major functions: it helps you
audit your network security, and it lets you
easily modify permissions (i.e., the access
control lists - ACLs) in your network. You
can’t modify the ACLs for many items in
NT 3.x and 4.0, but NT 5.0 eliminates
that limitation. Even better, you can run
the Security Configuration Editor from
the command line, so you can easily write
scripts for administration of big portions of
the network.

New Infrastructures Take the 
Terror Out of Handling Terabytes 

I expected TCP/IP or new mutations of 
HTML to be the big story at the PDC. 
Although Microsoft had news about 
A word of advice for the captain
of the web development team:

“FASTER!” 




Allaire introduces Cold Fusion 3.1, the world's web application development system. 

Your clients can’t get web applications fast enough. Allaire helps you get ahead with a scalable,
high performance programming system that lets your team really crank.

Cold Fusion Studio provides flexible visual programming and database tools that allow any developer 
to spin out dynamic web pages as quickly as static ones. When paired with our Application Server, you 
get a complete system for integrating browser, server and database technology it 
business solutions. It’s quickly becoming the RAD corporate standard for fast track companies. 

With powerful out-of-the-box source code control, Cold Fusion lets team members race through work locally or remotely 
via HTTP, connect to any database via ODBC and deploy apps on both NT and Solaris. 

So what are you waiting for? Download your free 30 day evaluation at www.allaire.com/team today. 
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( Updating Your Drivers and Setting Your Sites for Windows NT 5.0 ) 

Upgrading controllers to NT 5.0 will be quite demanding in terms of the hardware needed. 
Howdemanding is hard to determine because the NT 5.0 development process is still in its early 
stages. Although Microsoft usually cries foul when the press comments on beta speed, I'll venture 
this prediction: because my experience in the past 10 years has taught me that the final products 
aren't much faster than their betas, I estimate that you'll probably need a +166MHz system with at 
least 64MB of RAM to run a bare-bones NT 5.0 system. Most people will likely start their systems 
more along the lines of a Pentium Pro with 128MB of RAM. 

When you set up your enterprise NT 5.0 network, you'll need to describe the enterprise in two 
ways: its domains and its sites. Domains reflect your organisational layout; sites reflect the physical 
layout of your firm. Sites and domains are unconnected. You can have a site that contains domain 
controllers from any number of domains, and you can spread domains across sites. 

A domain is a security boundary - in other words, an administrative partition. Unlike NT 3.x and 
4.0 domains, NT 5.0 domains can encompass millions of users, so you can put your entire firm in a 
single domain. But many enterprises will, no doubt, opt for having many domains. Each domain will 
have a unique AD. Every domain controller in that domain will have a copy of the AD, which NT will 
replicate to ensure consistency among the copies. 

But suppose the domain controllers in a domain are in different geographic regions and 
relatively slow WAN links connect them. Will NT 5.0 choke the WAN links with a lot of replication 
traffic? No, because NT 5.0 will use sites. Sites describe the physical layout of an NT network. The 
physical layout includes information on which machines have high-speed links and which have low-speed 
links. By default, relatively nearby domain controllers with higher-speed links will update each 
other every 5 minutes. Domain controllers with slower links will update each other less often. You 
can, however, change the update frequency. 

Although you can control how often updates occur across WAN links, it would have been nice if 
Microsoft had designed the network software to do some of that work instead. This feature would've been 
possible (sites provide NT 5.0 with the information it needs to use site-to-site links intelligently), but 
Microsoft missed the boat. 


NT 5.0’s networking capabilities, the news about NT’s data storage capabilities captured the 
attendees’ attention. 

The biggest story is that NT Server will ship with Hierarchical Storage Management. HSM is similar 
to virtual memory. With virtual memory, NT uses the hard disk as memory when NT runs out of RAM 
(a habit for NT). With HSM, NT creates virtual disk storage out of tape drives, optical drives, and 
other cheaper-by-the-byte storage media when NT runs out of RAM. 

Here is a simplified description of how 
HSM works. Suppose a company has an 
NT 5.0 Server with an 8GB hard disk and 
12GB tape drive. As employees access files, 
the server keeps track of which files they 
use and how often they use them. 

Although the server starts without much data on its hard disks, that situation soon changes as 
employees fill up the server’s shares. The first 8GB of data go on the hard disk, where employees 
can quickly access the data. As time goes on, employees try to put more than 8GB on the server. 
(To most employees, this server appears to have 20GB of storage.) With previous versions of NT, 
employees would, at this point, get “out of disk space” messages. With NT 5.0, however, the story 
has a different, happier ending. The server analyses file usage patterns to determine which files 
aren’t accessed often. The HSM then migrates the less-used files to the tape drive, making space 
on the hard disk for more often-used files. 

Migrated files show up in the user 
interface with a small clock icon next to 
them. This icon lets you know that if you 
want to access those files, you will have a 
short wait while the HSM service grabs 
them off the tape drive. 

The process I just described is a 
two-level HSM system, which comes free 
with NT Server. A three-level system 
is also available from HSM’s developer, 
Eastman Software. In the three-level 
system, data migrates from a fast disk 
to a somewhat slower, but more capacious, 
optical disk. If you need even more space, 
the least-used data can migrate from the 
optical disk to the tape drive. 

Two tools (reparse points and volume-mounting utilities) make two- and three-level HSM systems 
possible. (You could even use these tools to create a 50-level HSM system.) 

Reparse points let you create a new directory by gluing together two existing directories. For 
example, suppose you’re working on a project that has graphics on h:\grafs and text on c:\txt. 
You want to compile the information into a directory called m:\project. First, you create the 
directory m:\project. Below the directory, you use reparse points to glue c:\txt as 
m:\project\words. Next to m:\project\words, you use reparse points to glue h:\grafs as 
m:\project\pictures. The result is that when you open m:\project, you’ll have everything you need 
for your project, but you won’t realise that you’re accessing the C: and H: drives. 

In addition to using reparsing, HSM 
uses volume-mounting utilities. Volume 
refers to the place where you store 
data. Mounting refers to the process in 
which a server assigns a drive letter to a 
storage device. 

DOS, Windows and NT have always been weak in the mounting area. For example, when you boot an 
NT 4.0 system, the server locates all floppy drives, hard disks, CD-ROMs, and so on, giving each a 
drive letter. Because the NT world inherited the DOS/critical path method (CPM), 
single-drive-letter model, the server has only 26 possible places to store data (A: through Z:). 

But in most other operating systems, you can control drive mounts and dismounts on the fly - a 
task not feasible in the Wintel world, until now. NT 5.0’s volume-mounting utilities let you store 
data in whatever drive you assign it to. For example, in a PDC demonstration, a Microsoft 
representative first used a reparse point to glue a CD-ROM onto an existing drive as the directory 
E:\CDROM. He then dismounted the CD-ROM, which had been drive D:. The result was that all the 
CD-ROM’s data was accessible as E:\CDROM and the D: drive letter was free for re-use! 

In addition to HSM, Microsoft introduced several other networking infrastructure developments at 
the PDC. Those developments include the new Disk Manager (which replaces the old Disk 
Administrator), FAT32 support, encryption support, a defragger, and an improved backup program. 

The new Disk Manager and many other NT administration tools no longer require reboots. You can add 
a new physical drive, partition it, format it, and use it without rebooting. However, you need to 
beware of one catch. To eliminate reboots, your disk’s host adapter must be an NT 5.0 disk driver. 
The NT 5.0 disk driver differs from the NT 4.0 disk driver in that it features Plug and Play 
(PnP). With PnP, you can disconnect removable media more easily, so you won’t even have to reboot 
to remove your Jaz cartridge. 

Another feature of the Disk Manager is that it is a single-seat administration tool. This feature 
will let you perform disk administration tasks on computers without having to be sitting at the 
computer. Think of how much fun you’ll have remotely attaching to someone else’s workstation disks 
via the network and then formatting those disks.... 

Microsoft decided to knock down a big wall between Windows and NT by supporting FAT32 under NT. 
With the FAT32 driver, you can format partitions up to 32GB. 

NT 5.0’s new format, NTFS 5, will support encryption. You can encrypt files and annotate them any 
way you like. You can even search on those annotations. NTFS 5 will also support filters. These 
programs (e.g., an antivirus application) examine files as the files are being transported on or 
off a disk. 

A defragger will finally ship with NT 5.0. Executive Software is graciously providing this tool 
for free. I’m sad to say that the defragger will not include the cool application-specific 
defragmentation wizard that Windows 98 (Win98) will feature. 

Microsoft will improve NT 5.0’s backup program several ways. First, Microsoft will add support for 
changers. Second, you’ll be able to use nontape devices (such as Jaz or other optical drives) for 
backups. Third, NT 5.0’s backup program will integrate better with the Scheduler (which now 
features an easy-to-use GUI). Finally, best of all, the backup program will support disaster 
recovery. When you need to restore an entire server on a new machine, you just insert one floppy 
in the drive and boot the new machine. The floppy will prompt you to insert tapes and, in a while, 
you’ll have a completely restored server. 

All these changes to NT 5.0’s infrastructure will render NTFS volumes created under NT 5.0 
unintelligible to earlier NT versions. Microsoft plans to release a service pack for NT 4.0 that 
will let NT 4.0 understand NTFS 5. Unfortunately, Microsoft does not plan to create a similar 
service pack for NT 3.51. 



Hardware Won't Be so Hard 

I’m not much of a fan of Windows 95 (Win95) and Win98, but they have one undeniably desirable 
feature: PnP. Although you might have heard shrug-and-pray jokes, PnP’s theory is sound. Most 
problems that PnP users encounter stem from PnP’s hardware. Many PnP systems in use today are the 
early hardware - the first crop. Remember how bad the first crop of Windows 3.0 applications was? 
Similarly, remember what a pain Windows 3.0 was when you ran a few old DOS applications? What DOS 
was to Windows is what old ISA boards are to PnP systems. Modern PnP systems that contain only PnP 
components and a PnP-enabled operating system (such as Win95) are much easier to configure than 
older systems (such as NT 4.0). 

NT 5.0 will close the PnP gap with Windows. NT 5.0 will fully support PnP and all the latest 
hardware doodads, including Universal Serial Bus, Institute of Electrical and Electronic Engineers 
(IEEE) 1394, tape changers (the built-in backup program now supports tape loaders), and 
asynchronous transfer mode (ATM). NT will even follow Win98’s footsteps by supporting TV tuner 
boards and enhanced television - an improvement I have yet to completely understand. (At the PDC, 
Microsoft demonstrated an online TV guide. Not only can you discover what programs are on, but you 
can also click on a program to watch it right on your PC. This integration of TV and PCs lets 
couch potatoes become mouse potatoes!) 

Another questionable improvement in NT 5.0’s hardware is DirectX 5. With DirectX 5, game designers 
will have an easier time supporting NT. (However, I find it hard to imagine NT as a game 
platform.) NT 5.0 will also support multiple monitors. You just install a few PCI video cards into 
a box and attach monitors to them. NT will then spread your display among the monitors. 

NT 5.0 will also feature power management. This feature will let you put your computer in at 
least two low-power modes: standby and hibernate. Microsoft characterises the standby mode as a 
light sleep. Outside devices (such as fax modems, network cards, or the clock) can wake the 
computer. The hibernate mode is similar to the suspend/resume feature in many notebook computers. 
This mode notes the current state of the computer and puts this information into a hibernation 
file. 

To use NT 5.0’s power management feature, you’ll need a new computer. Currently, PCs use a 
BIOS-based standard called Advanced Power Management (APM) to accomplish power management. Because 
APM is BIOS-based and NT doesn’t use any real-mode code, APM won’t work well under NT without a 
lot of fancy driver work. Some vendors have tried power management under NT, but I have yet to 
come across a laptop in which power management works reliably. 

Newer computers supposedly use a power management method called the Advanced Configuration and 
Power Interface (ACPI), but I don’t recall seeing ACPI as an option in the various laptops I’ve 
looked at in the past year. In addition, I’m not thrilled about having to buy all new computers 
when NT 5.0 arrives next year. 

Will NT 5.0’s hardware changes force you to get new drivers for your hardware? The answer depends 
on whether you want to use all of NT 5.0’s features. Because Microsoft received a lot of flak when 
it made NT 4.0 disk drivers incompatible with NT 3.51 drivers, Microsoft designed NT 5.0 so that 
it can use NT 4.0 drivers. However, if you use NT 4.0 drivers, you won’t be able to use NT 5.0’s 
new features to the fullest extent. To take advantage of multimaster replication, nested groups, 
PnP, no reboots, and power management, you’ll have to update your drivers. (For information about 
hardware requirements, see the sidebar “Updating Your Drivers and Setting Your Sites for Windows 
NT 5.0.”) 

Network News 

Although many of NT 5.0’s networking capabilities have been public for a while, Microsoft 
introduced several new network tools at the PDC. Two of those tools will let you more easily build 
Virtual Private Networks (VPNs) on the Internet or private intranets. Currently, NT’s main VPN 
tool is Point-to-Point Tunneling Protocol (PPTP), which ships with Remote Access Service (RAS). A 
protocol similar to PPTP - Layer 2 Tunneling Protocol (L2TP) - will appear in RAS for NT 5.0. 
NT 5.0 will also feature IPSec, a system that lets you add security to IP networks at the IP 
level. 

Once you have built your VPN, you might want to play NetShow video broadcasts. By supporting 
multicasting, NT 5.0’s routing software will simplify playing such broadcasts. Multicasting is a 
technology similar to broadcasting, except that broadcasting communicates with every computer on 
the network and multicasting communicates only with selected machines. 

All the network news is about IP because it is the default network protocol for NT 5.0. 
Fortunately, controlling IP will get easier. NT 5.0 will have an improved administrative user 
interface, and you’ll be able to do all your server administration without rebooting. Microsoft 
will also plug a long-standing hole in NT networking by including distributed time server software 
in NT 5.0. Although I have learned how to compensate for this past oversight, I’ll be glad to have 
the software automatically synchronise all the NT boxes (and yes, the time server software does 
understand time zones). 

Improvement Potpourri: Upgrade Paths and More 

At the PDC, Microsoft revealed other NT 5.0 developments that did not fall in the five areas I 
just covered. One such announcement was that NT 5.0 will have an upgrade path from Win9x. 
Currently, if you install NT 4.0 on a system that already contains Win95, the NT setup program 
cannot read the Win95 Registry. As a result, you cannot migrate your applications to NT and 
instead must reinstall all your applications. However, the NT 5.0 installer will understand both 
the Win95 and Win98 Registries, so you can upgrade a machine from Windows to NT without trouble. 

Other interesting improvements include: 

• NT 5.0’s kernel will have a tool that lets you point to a program and tell the system, “If this 
program takes up more than X megabytes of space or more than Y seconds of CPU time, automatically 
terminate it (or reduce its priority or alert you, etc.).” 

• Under NT 5.0, you can build a single version of a program to support many different languages. 

• NT 5.0 will include a text-to-speech facility. You just point to a part of the screen and the 
computer will speak the screen’s text. Although text-to-speech technology isn’t new, it’ll be 
convenient when incorporated into the operating system. 

Is Microsoft Up to the Challenge? 

In the past year, Microsoft did not ship any new NT versions, yet it changed the overall picture 
of NT immensely. Although NT is gaining acceptance at an incredible rate - Microsoft claims to 
have sold over 1 million copies of NT Server in the past year - NT has lost on the 
architecture-independence front. In 1996, NT supported four architectures; now, NT supports only 
Alpha and the Intel x86 lines. 

NT has become more formidable in 
size. At the PDC, a Microsoft representative 
compared NT 3.1, 4.0, and 5.0 by noting 
that NT 3.1 contains 6 million lines of 
code, NT 4.0 contains 16 million lines, and 
so far, NT 5.0 contains 27 million lines! In 
fact, 400 developers and 400 testers are 
working on NT 5.0. 

At this point, Microsoft’s marketing prowess has all but guaranteed that NT will be a major 
desktop operating system in the twenty-first century, if not the desktop operating system of the 
future. But NT 4.0’s quality problems and the ill-fated Service Pack 2 leave open the question of 
whether Microsoft’s development prowess is up to the NT 5.0 challenge. Although no one can answer 
that question yet, I saw a disturbing trend at the PDC that might indicate Microsoft is not ready: 
more than half of the demonstrations I saw on the first day failed. The demonstrations did not 
fail because of unsound technology. They failed because the Microsoft representatives did not take 
a few extra minutes to actually try the demos before attempting them in front of 7000 potential 
customers. NT 5.0 is enterprise software, and it can’t be sold like Monster Truck Madness. 

If NT 5.0 delivers, it’ll be a new benchmark in operating system price and performance - but 
let’s hope that Microsoft takes its time. Most customers would rather see a high-quality product 
that doesn’t ship until 2000 than an unreliable one that takes six service packs to become stable. 

Have you ever grumbled about how hard reinstalling Windows NT is? Have you ever noticed that 
Windows 95’s Briefcase is a great idea trapped in a poorly implemented program? Have you ever 
wanted to remotely install applications on users’ desktops with just a few mouse clicks and no 
programming? If so, you’ll be happy to learn about new developments in the Zero Administration for 
Windows (ZAW) initiative. 

After years of indifference, Microsoft has finally decided to make supporting its operating 
systems easier. Microsoft is making many support changes under the ZAW umbrella. At first glance, 
ZAW seems like a huge, all-encompassing change to how NT works, but ZAW really rests on just a few 
key technologies: a new caching system, better application installers, intelligent storage, and 
PCs with a mildly smarter BIOS. 


IntelliMirror: A Network Caching System 

A keystone of ZAW is IntelliMirror, a new caching system built into NT 5.0. Instead of the 
common disk cache found on all modern desktop operating systems, IntelliMirror is a 
network cache. Here is how network caching works: accessing a file on a network is typically 
slower than accessing a file on a local hard disk, so NT 5.0’s network redirector 
keeps a copy of often-used network files on the local hard disk. Suppose you want to 
access a file on the network. The redirector checks whether the copy on the hard disk is 
the same as the copy on the network. If the copies match, the redirector simply accesses 
the local hard disk copy, saving time. If the copies don’t match, the redirector updates the 
appropriate file and then accesses the hard disk copy. 

If IntelliMirror detects that the server is no longer accessible because the network failed 
or you disconnected your laptop from the network, the file seamlessly works out of the cache. 
If you’ve ever lost a Word document because the network hiccuped, you’ll love this feature. 

You might also learn to love other IntelliMirror features because of the convenience they offer. 
For example, with IntelliMirror, your users can roam and keep their data handy. Microsoft suggests 
you set up the system so that applications store users’ data in the My Documents folder. (You can, 
however, store your data anywhere you want. The My Documents folder is just the default.) Because 
My Documents resides on the server, any machine you log on to can access those documents. Once the 
server and a machine connect, the NT 5.0 network redirector copies the documents onto the 
machine’s local hard disk. Thus, users can quickly access those documents. Updating the documents 
is a bit slower because IntelliMirror is a write-through cache. When you modify and save a file, 
the redirector immediately writes the modified version to both the hard disk and the network. 

IntelliMirror can make working with network-based files easier when you’re on the road. Suppose 
you connect your laptop to the network so that you can work on a file located on a server named 
PUBSERVER. The file’s universal naming convention (UNC) is \\pubserver\finance\oct97.xls. Once 
you’re on the road, you just start up the laptop and open the file \\pubserver\finance\oct97.xls. 
Although you are no longer connected to PUBSERVER, the file oct97.xls is in your IntelliMirror 
cache and IntelliMirror recalls its original UNC. You can then work on the file and save it to the 
network (which is actually the IntelliMirror cache). When you reconnect to the network, NT 5.0 
will detect that you changed oct97.xls and will automatically overwrite the copy on the server 
with the newer version on your laptop. If someone changed the version on the server while you were 
gone, IntelliMirror asks you what to do. As one Microsoft employee wryly explained to me at 
TechEd, IntelliMirror is “just like the Briefcase, except it works.” 
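
The read, write-through, offline and reconnect behaviour described above can be modelled in a few lines. This sketch is an added example, not Microsoft's implementation: the class names `FileServer` and `MirrorCache`, the result strings, and the use of SHA-256 digests to decide whether two copies match are all assumptions made for illustration.

```python
import hashlib


def digest(data):
    """Content fingerprint; None stands for 'file does not exist'."""
    return None if data is None else hashlib.sha256(data).hexdigest()


class FileServer:
    """Stand-in for the network share (hypothetical): UNC name -> contents."""

    def __init__(self):
        self.files = {}
        self.online = True

    def _check(self):
        if not self.online:
            raise ConnectionError("server unreachable")

    def get(self, unc):
        self._check()
        return self.files.get(unc)

    def put(self, unc, data):
        self._check()
        self.files[unc] = data


class MirrorCache:
    """Local cache keyed by the original UNC name (hypothetical model)."""

    def __init__(self, server):
        self.server = server
        # unc -> {"data": local copy, "base": digest of server copy at last sync}
        self.entries = {}

    def _dirty(self, entry):
        return digest(entry["data"]) != entry["base"]

    def read(self, unc):
        try:
            remote = self.server.get(unc)
        except ConnectionError:
            if unc not in self.entries:
                # Never opened while connected: nothing to fall back on.
                raise FileNotFoundError(unc + " is not in the cache")
            return self.entries[unc]["data"]
        entry = self.entries.get(unc)
        # Refresh only clean entries; unsynced local edits wait for reconnect().
        if entry is None or (not self._dirty(entry) and entry["base"] != digest(remote)):
            if remote is None:
                raise FileNotFoundError(unc)
            self.entries[unc] = {"data": remote, "base": digest(remote)}
        return self.entries[unc]["data"]

    def write(self, unc, data):
        entry = self.entries.setdefault(unc, {"data": None, "base": None})
        entry["data"] = data
        try:
            self.server.put(unc, data)      # write-through while connected
            entry["base"] = digest(data)
        except ConnectionError:
            pass                            # offline: entry stays dirty

    def reconnect(self, unc):
        entry = self.entries[unc]
        remote = self.server.get(unc)
        local_d, remote_d = digest(entry["data"]), digest(remote)
        if local_d == remote_d:
            entry["base"] = remote_d
            return "in_sync"
        local_changed = local_d != entry["base"]
        server_changed = remote_d != entry["base"]
        if local_changed and server_changed:
            return "conflict"               # both sides moved: ask the user
        if local_changed:
            self.server.put(unc, entry["data"])
            entry["base"] = local_d
            return "pushed"
        if remote is None:                  # deleted on the server, untouched locally
            del self.entries[unc]
            return "removed"
        entry["data"], entry["base"] = remote, remote_d
        return "pulled"


if __name__ == "__main__":
    unc = r"\\pubserver\finance\oct97.xls"   # UNC name taken from the article
    server = FileServer()
    server.files[unc] = b"october figures v1"  # constructed sample content
    cache = MirrorCache(server)
    cache.read(unc)
    server.online = False
    cache.write(unc, b"october figures v2 (edited on the road)")
    server.online = True
    print(cache.reconnect(unc))
```

The "conflict" result is the case where the article says IntelliMirror asks the user what to do; the sketch leaves both copies untouched in that case.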

IntelliMirror not only caches files ordinarily found on the network, but also caches their network 
names, which again helps laptop users. Before I go on the road, I must remember to copy those 
files I need onto my laptop. Then, when I start up Word and try to access one of those documents, 
I have to hunt around my laptop’s hard disk to find that file. What was once 
\\server1\books\chapter2.doc is now d:\ontheroad\chapter2.doc, so I can’t just pull down the File 
menu and select from that menu’s Most Recently Used list. After returning to the office, I have to 
reconnect my laptop to the network and copy the modified files onto the server. Finally, I delete 
the copies on the laptop’s hard disk because I don’t want several file versions floating around. 
With IntelliMirror I don’t need to worry about any of that. 

As these examples show, IntelliMirror is a local network cache that keeps copies of your 
server-based files on the local hard disk. Sounds good, but what about security? Suppose I log on 
to a common machine, work on a secure server-based file (such as a memo containing everyone’s 
salaries), log off and walk away. That memo is on the common machine’s hard disk. Isn’t that a 
security hole? 

The answer is yes and no. First, files are person-specific because NT 5.0 relies on NTFS. So when 
Joe logs on to the common machine after I get off, he won’t have file permissions to access the 
memo. In addition, files in the cache don’t have ordinary names. Instead, they have names like 
M75%193746229127.CHC. So Joe isn’t likely to just happen across a file named payroll memo.doc, 
even if Joe feels inclined to poke around the cache. However, if Joe has an administrator-level 
account on that workstation, he can certainly take ownership of the file and modify the 
permissions so that he could read the memo. 

You have two ways to protect your NT 5.0 system against this type of security breach. First, 
don’t freely hand out administrative accounts. Compared with previous NT versions, NT 5.0 
administrative accounts let people do a lot more because NT 5.0 can do a lot more. Second, you can 
tell IntelliMirror not to cache a particular account’s profile and other files. However, this 
solution is a bit troublesome because you must forgo all the benefits of IntelliMirror. 
IntelliMirror would have been better if Microsoft had designed it so that you could tag certain 
files as noncacheable. 

At this point, you might be thinking that IntelliMirror offers convenience, but not really 
support. IntelliMirror’s code-signing verification and self-healing applications might change your 
mind. 

Installing and fixing applications cause many headaches for support specialists. You might need to 
fix an application for several reasons, but a common reason is overwritten DLLs. Most programs 
ship with not only an EXE file, but also at least one DLL. (Some programs have as many as 30 
DLLs.) Applications should store their DLLs in their application directories (e.g., DLLs that Word 
uses ought to go in the Word program file directory), but many vendors, including Microsoft, are 
in the habit of dumping their DLLs into the system32 directory. As a result, if you load an 
application that needs a DLL named stuff.dll, the chances are good that the application will copy 
the DLL to the system32 directory. If you load another application that also needs a DLL called 
stuff.dll, the second application’s installer will gleefully overwrite the first application’s 
stuff.dll file. Consequently, the newer application will run perfectly, but the older application 
won’t work. 

Microsoft is trying to fix this problem 
by asking vendors to keep their DLLs out 
of common areas. In fact, in about a year, 
any vendor wanting to put the Designed 
for Windows logo on its software must put 
its DLLs in the proper place. 

In addition, Microsoft will offer code-signing verification to prevent intentional overwriting of 
DLLs. In code-signing verification, a public-key authentication method lets the operating system 
verify at runtime that the code about to run is the code signed by Microsoft, Lotus, or whomever. 
(Because code-signing verification will be a bit costly CPU-wise, this feature will probably be 
optional on NT 5.0.) 

An erased file is another common cause of headaches for support specialists. For example, suppose 
that you accidentally erase a program file for Word, but you don’t realise it. If users try to 
subsequently open Word with previous NT versions, they will get an error message. With NT 5.0, 
however, Word will just reinstall itself. Microsoft refers to this concept as self-healing 
applications. A new installer technology, the Microsoft Installer (MSI), makes self-healing 
applications possible. 

MSI: A Better Installer 

With MSI, applications will not only perform self-diagnoses to detect internal failures, but will 
also fix those failures through reinstallation. Based on your past experiences with 
reinstallation, you might expect a screen that says something like, “Welcome to Setup for Word for 
Windows” and then be bombarded with the usual 15 dialogue boxes that accompany setup programs. 
Fortunately, the application performs a silent install. MSI doesn’t assail you with the usual 
setup questions because you pre-answer all of them. 

To be self-healing, applications will 
need to be MSI compatible. In other 
words, an application must include a file 
with the extension .msi that contains all 
the information necessary to install that 
application. MSI reads this information and 
reinstalls the application. 

The MSI file is also called a package, a term familiar to Microsoft Systems Management Server 
(SMS) administrators. SMS administrators use packages for hands-free (i.e., installs without 
showing dialogue boxes) remote installation of applications. 

With packages, however, you must write a script that automates the keystrokes and mouse clicks 
that a user ordinarily makes when installing the software. Most scripts are not much fun to write 
and tend to be fragile. A few vendors have made this task easier by designing their applications’ 
setup programs to accept simple ASCII files that contain the answers to Setup program questions. 
Thus, you just create an ASCII file rather than messing around with scripting languages. But no 
two vendors use the same kinds of scripts, so if your enterprise uses 10 packages, the best you 
can hope for is learning 10 setup file formats so that you can create 10 application-specific 
ASCII files. The worst case is if none of the vendors use setup files, forcing you to write 10 
different script programs. 

With MSI, however, the process is much simpler. You just need to answer several questions to 
create a setup package and then save it as an MSI file. The setup file format will most likely be 
the same in all vendors’ applications because Microsoft created a unified table-driven method for 
answering setup questions. Microsoft developed this method with other software developers, so most 
new applications will be MSI compliant. 

Why are independent software vendors supporting MSI? Because MSI supports ZAW, and a lot of big 
clients want ZAW. In addition, vendors’ applications won’t qualify for the Designed for Windows 
logo without MSI support. 

Besides using MSI for self-healing 
applications, you can use MSI for installing 
and removing programs. Suppose you want 
to distribute a new word processor, 
WordBlaster, to your users, but you want to 
spend as little time as possible. With MSI, 
all you do is assign the application to an 
NT group, such as Everyone. 

What does assign mean? Under NT 5.0, you can centrally modify the Start Programs menus of all your 
users to include particular applications, even if those applications aren’t on those users’ 
systems. (Currently, you can centrally control people’s Start Programs menus with system policies. 
Just like many other ZAW features, the assign feature is just an enhancement of existing 
technologies.) When users log on, they’ll see a menu option for WordBlaster even though you have 
not installed WordBlaster on their systems. When they try to start WordBlaster, the operating 
system realises that WordBlaster isn’t properly installed and the self-healing application process 
kicks in. 

At this point, you might be wondering 
about what permissions you’ll have to give 
users - after all, users must have a fair 
amount of power over their workstations to 
install applications, right? Not quite, 
because the user doesn’t install the software, 
MSI does. But don’t be surprised if a whole 
new class of NT security holes develops 
once hackers figure out how to build a 
command prompt that runs in MSI space. 

Besides assigning an application, you can get an application into the ZAW world in two other ways. 
You can make an application generally available by publishing it in the Active Directory (AD). The 
application doesn’t go into the AD. Rather, the AD contains the instructions about where to find 
it. When users start the Install New Programs wizard in the Control Panel, they’ll see that list 
of programs. Another way to make an application generally available is through the Class Store. 
For information on how the Class Store works, see my article “Forging NT’s Future,” page 46. 

Removing a program is as simple as installing one. Say you want to discard a current Word 
application because you want new settings. But if you remove and then reinstall an application, it 
remembers all your settings from the first installation. Clearly, the removal process doesn’t 
include cleaning out the Registry settings relevant to Word. 

With MSI, this situation changes. When 
removing a program, MSI will delete all 
files relevant to an application and all 
Registry entries. 

MSI and IntelliMirror work well 
together. Suppose Sally, a WordBlaster user, 
tries to run WordBlaster, but it’s not yet on 
her machine. NT 5.0 uses the MSI package 
you prepared to install WordBlaster quickly 
and silently. You set up WordBlaster with a 
network installation option, so no files go 
on Sally’s machine. Instead, they’re all on 
her space on the network, so the data can 
roam with her more easily. Despite working 
on the network, WordBlaster runs quickly 
for Sally because her workstation is running 
from the program files in the local
IntelliMirror cache. Furthermore, if the server’s
down, Sally can still get work done because 
her workstation is using the local cache. In 
the meantime, you can update and install 
patches on WordBlaster more easily because 
the application is on the server. 

SIS: A Smart Idea 

If 2000 users all install WordBlaster and it’s a
network install, will you end up with 2000
copies of WordBlaster on the server? Don’t
run to your stockbroker to buy Seagate 
stock just yet. ZAW avoids having 2000 
copies with the Server Intelligent Storage 
(SIS) server-side program. With SIS, you 
designate a section of a server’s storage as an 
SIS area. When a user saves a file to that 
server, the server checks the file against the 
other files in the SIS area. If that new file is 
identical to an existing file, SIS doesn’t save 
a second copy of the file. Rather, SIS just 
stores a directory entry for that file. 
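The save-time check described above can be modelled in a few lines. This is an added example, not code from the article or from Microsoft: the class name, the paths, and the use of a SHA-256 digest as a lookup key (confirmed by a byte-for-byte comparison) are assumptions, as is the behaviour on overwrite, where only the writer's directory entry is re-pointed so that one user's change never alters what the other users read.

```python
import hashlib


class SingleInstanceArea:
    """In-memory model of an SIS area: one stored blob per distinct content."""

    def __init__(self):
        self.blobs = {}      # digest -> the single stored copy of the bytes
        self.refs = {}       # digest -> number of directory entries using it
        self.directory = {}  # path -> digest (the per-file directory entry)

    def save(self, path, data):
        """Save a file; return True only if a new copy had to be stored."""
        data = bytes(data)
        if path in self.directory:
            self.delete(path)            # overwrite: drop the old reference first
        digest = hashlib.sha256(data).hexdigest()
        stored = self.blobs.get(digest)
        if stored is None:
            self.blobs[digest] = data    # first time this content is seen
            is_new = True
        elif stored == data:
            is_new = False               # identical file: directory entry only
        else:
            # Never share a blob on the strength of the digest alone.
            raise RuntimeError("digest matched but contents differ")
        self.refs[digest] = self.refs.get(digest, 0) + 1
        self.directory[path] = digest
        return is_new

    def read(self, path):
        return self.blobs[self.directory[path]]

    def delete(self, path):
        """Remove a directory entry; free the blob when nobody references it."""
        digest = self.directory.pop(path)
        self.refs[digest] -= 1
        if self.refs[digest] == 0:
            del self.refs[digest]
            del self.blobs[digest]

    def bytes_stored(self):
        return sum(len(blob) for blob in self.blobs.values())

    def bytes_logical(self):
        return sum(len(self.blobs[d]) for d in self.directory.values())


def demo():
    """2000 users save the same program file, then one user changes her copy."""
    area = SingleInstanceArea()
    program = b"WORDBLASTER-BINARY" * 1000        # constructed stand-in, 18000 bytes
    new_copies = sum(
        area.save(f"/users/u{n}/wordblaster.exe", program) for n in range(2000)
    )
    # Only u7's entry is re-pointed; the other 1999 entries keep the original.
    area.save("/users/u7/wordblaster.exe", program + b"-patched")
    return new_copies, len(area.blobs), area.bytes_stored(), area.bytes_logical()


if __name__ == "__main__":
    print(demo())
```

The gap between the stored and logical byte counts is the disk space saved; the hashing and comparison on every save is the CPU cost.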

SIS sounds like a very cool technology,
but I wonder about how CPU intensive
it’ll be. My guess is that adjusting SIS sizes
will be one of the great tuning pastimes of
NT 5.0 Server administrators.

What does SIS mean for laptops? 
Suppose you are a PowerPoint user and 
you set up PowerPoint to run from the 
network. What happens when you take 
your PowerPoint on the road? 

In theory, SIS will work effectively 
because when you run PowerPoint on the 
network, IntelliMirror copies the 
PowerPoint program files into the local 
IntelliMirror cache. So when you’re on the 
road, the program files will be available. In 
reality, however, you can run into trouble. 

If you’ve never used PowerPoint’s 
Rehearse Timings feature before, you 
might get into trouble the first time you 
use PowerPoint on the road. PowerPoint 
will request the file rehearse.dll - and 
it will not be in the cache because 
your system never requested the file 
before. Your laptop will respond by trying 
to reinstall (i.e., self-heal) PowerPoint 
because you originally installed the application
from the network. From this point,
the problems will escalate.

Another way in which you might get
into trouble is if you used numerous network
files before leaving the office, causing
IntelliMirror to flush the PowerPoint files 
from the cache. (If you use more files from 
the server than you have hard disk space 
for, IntelliMirror determines which files 
are important. It keeps the important files 
and lets the others expire out of the cache.) 

You can avoid both problems by pinning
PowerPoint in the cache. If you know
that you’re going to need a particular 
application, you pin it, which tells 
IntelliMirror to collect all the files that the 
application might need and keep those files 
in the cache. In other words, pinning a file 
tells IntelliMirror not to let that particular 
file expire out of the cache. 

BIOS: The Piece de Resistance 

There’s only one other feature left that 
would make ZAW ideal - and that’s to 
install an entire operating system from a 
central location. Microsoft envisions that
ZAW will be able to provide this capability.
Consider the following scenario:

It’s 8:00 a.m. You come to work and
turn on your computer, Sparky. A funny
noise comes from the hard disk, and
smoke comes out the back. A quick
inspection of the melted SIMMs and
cratered CPU inside leads you to believe
that Sparky’s computing days are over. You
were planning to get some work done, but
installing and configuring NT
Workstation, the Office Suite, and assorted
other applications will now occupy most
of your day.

With ZAW, the day will proceed differently.
After your quick inspection of
Sparky, you tell your network administrator
about the casualty. You then say good-bye
to Sparky and search for a computer that
no one is using. You find a vacant computer
and log on. Because all your applications
are ZAW compliant and you keep your
data in My Documents, all of your applications
and data are available. MSI performs a
couple of silent installs, and you are back in
business in a half-hour.

Meanwhile, the network administrator 
takes a new computer out of the box and 
assigns it to you. She tells the network that 
you have a new computer, identifying it to 
the network. She then brings this computer
to your office, plugs it into Sparky’s old
Ethernet jack, and turns it on. 

The new computer is either a NetPC
or a regular PC that follows the PC98
specification, so it has a smarter BIOS than
most PCs have. The PC BIOS includes
support for network cards, the Dynamic
Host Configuration Protocol (DHCP),
and the Trivial File Transfer Protocol
(TFTP). When the PC powers up, the
BIOS knows enough about the network
card to use it to get the PC an IP address
via the DHCP. With the other DHCP
information, the new computer gets the
address of an install server. The new computer
then sends a request for configuration
to the install server. The install server
checks a database to determine which
operating system and applications this
computer needs and assembles the necessary
files. The install server then uses TFTP
to transfer the files to the new PC. In no
time, the new computer works as well as
old Sparky did, maybe even better.

How did the install server know that
this new computer was yours? PCs with
the improved BIOS have a globally unique
ID (GUID), which an administrator can
use to identify that PC to the install server.
With GUID, you can configure systems
on a user-specific basis. For example,
instead of specifying that a particular PC
gets Windows 98, you specify that a particular
user gets Win98. When that user
logs on, the system installs Win98.

In fact, each time users log on to a system,
that system will do a fresh install of
their operating system and applications. A 
fresh install might sound like a lot of work, 
but 999 out of 1000 of these installations 
will take almost no time because all the 
files will already be in the local 
IntelliMirror cache. 

Fortunately, you don’t need new PCs to 
run the improved BIOS. You just need a 
bootstrap floppy to get the process rolling 
the first time. 

Worth the Wait 

Computer support specialists have waited a
long time for an initiative such as ZAW.
But, with central control of machine and
application installation and configuration,
it should be worth the wait.

But central control and all of ZAW’s
other features will work only if the applications
vendors go along with ZAW.
More important, ZAW will work only
with one operating system - that is, you
must run NT 5.0 on all your desktops.

Microsoft Exchange and the X.400 Connector

by Bill Kilcullen 


With most of the market hype centred around
upcoming products and new technology, not
much is often said of utilising existing technology
in the best manner possible. One technology
partnership that allows you to do so is that of
Microsoft Exchange and the X.400 connector. While
this combination won’t save the world from certain
destruction, nor will it even whip each other into
submission, it will help you battle the forces of high traffic
and slow connections.

You don’t have to partner Exchange with the X.400
connector. You can use several different types of connectors
to establish communications between an Exchange
server and other Exchange server sites or between an
Exchange server and other messaging systems. In fact, one
commonly used connector is the site connector. But the
X.400 connector can provide several distinct advantages
over the site connector.

Why Is the X.400 Connector Better? 

Why use an X.400 connector and not a site connector? 
Although some experts will tell you that the site connector 
is easier to configure, works faster in sending messages, and 
has been optimised for intrasite communication, you can 
find several reasons for using an X.400 connector instead. 

The first reason is that Exchange uses connectors
between sites for more than messages. Directory updates,
public folder data, and system status messages all flow
across site boundaries through the configured connector.
The X.400 connector lets you schedule the transfer of such
updates, data, and messages from your network to another;
the site connector does not. The ability to schedule transmissions
can be critical. For example, if you incur costs
when using the available network bandwidth during a
certain time, the X.400 connector can help you minimise
costs by scheduling your message-transfer activities around
that time. Or, if you compete with other applications for
network time, you can arrange to send large amounts of
data across WAN links during off-peak times.

Using a set of X.400 connectors between your 
Exchange sites will also provide the immediate benefit of 
better message tracking and tracing capabilities. X.400 
message logging is far more detailed than with site 
connectors. More detailed logs can help you determine 
message paths and troubleshoot problems. 

Another reason to use X.400 is that the site connector
uses remote procedure calls (RPCs). If a network has
unreliable or slow links between sites, RPCs can cause
timeouts. In contrast, the X.400 connector doesn’t use
RPCs to communicate with other
systems, so you can use it for any
network - including slow and unreliable
ones.

Finally, an X.400 connector not
only links your various Exchange
sites, but it also links your system to
the world of X.400 messaging. Most
Fortune 1000 companies support
X.400 as the message transfer protocol for
communications between companies and
within a company. International companies
also endorse using X.400 because it
supports expanded character sets and has
attachment handling capability.

Now that you know the benefits of 
using an X.400 connector, here are some 
insights into installation and configuration. 
These insights will help ensure a successful 
installation. 

Insights into Installation 
and Configuration 

Before you can install an X.400 connector, 
you need to understand how it interacts 
with a network. The Open Systems 
Interconnect (OSI) seven-layer model in 
Figure 1 illustrates this interaction. 

The model brings to light several
important characteristics. First, the model
points out that you need a pair of connectors
between any two sites to be connected
in Exchange. For example, to connect a site
in Sydney with a site in Melbourne, you
need at least two X.400 connectors.

Second, the model illustrates Exchange’s
layered approach to putting applications
on the network. Each layer relies
on the underlying layer for services. If a
lower layer is missing, the system halts at
that point. Thus, you need a bottom-up
approach to building applications.

Third, the model shows that you need
the appropriate protocols before you can
build an application. In the case of the
X.400 connector, you need both a
network protocol (because Exchange relies
heavily on the Windows NT server for
network services) and a transport protocol
(because the X.400 is an OSI application).
The X.400 connector supports three
network protocols: IP, Connectionless
Network Protocol-OSI (CLNP-OSI), and
X.25 protocol. It also supports three transport
protocols: TCP; OSI Transport
Protocol, class 4 (TP4); and OSI Transport
Protocol, class 0 (TP0).

■ FIGURE 1: The OSI Seven-Layer Model

Table 1 shows how you can pair the
transport and network protocols. You are
likely familiar with the famous Internet
pair of TCP/IP. Originally used as a WAN
protocol, TCP/IP is rapidly becoming the
LAN protocol of choice for company
intranets. Request for Comments (RFC)
1006 defines how to run X.400 messaging
over TCP/IP.
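The RFC 1006 framing named above is small enough to decode by hand, which helps when reading a capture of a connector that will not come up. This is an added example, not code from the article or from Exchange: it splits a TCP byte stream into TPKT packets and decodes the transport connection request inside the first one, which is where the T selector values entered on a connector's property pages travel. The sample bytes, the selector values SYD and MEL, and all function names are constructed for illustration.

```python
import struct

TPKT_VERSION = 3            # RFC 1006 fixes the version octet at 3
CR_TPDU = 0xE0              # ISO 8073 connection request code (high nibble)
PARAM_TPDU_SIZE = 0xC0
PARAM_CALLING_TSAP = 0xC1   # calling transport (T) selector
PARAM_CALLED_TSAP = 0xC2    # called transport (T) selector


class FramingError(ValueError):
    """Raised when bytes do not form a valid TPKT or connection request."""


def split_tpkt(stream: bytes) -> list:
    """Cut a reassembled TCP byte stream into the TPDUs that TPKT carries."""
    tpdus, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 4:
            raise FramingError("truncated TPKT header")
        version, _reserved, length = struct.unpack_from("!BBH", stream, offset)
        if version != TPKT_VERSION:
            raise FramingError(f"unexpected TPKT version {version}")
        # The length field counts the 4-octet header as well as the TPDU.
        if length <= 4 or offset + length > len(stream):
            raise FramingError(f"TPKT length {length} does not fit the data")
        tpdus.append(stream[offset + 4:offset + length])
        offset += length
    return tpdus


def parse_connect_request(tpdu: bytes) -> dict:
    """Decode a transport connection request (CR TPDU) and its T selectors."""
    if len(tpdu) < 7:
        raise FramingError("CR TPDU shorter than its fixed part")
    header_len = tpdu[0] + 1            # the length indicator excludes itself
    if header_len < 7 or header_len > len(tpdu):
        raise FramingError("length indicator does not fit the TPDU")
    if tpdu[1] & 0xF0 != CR_TPDU:
        raise FramingError("not a connection request TPDU")
    _dst_ref, src_ref, class_opts = struct.unpack_from("!HHB", tpdu, 2)
    info = {"class": class_opts >> 4, "src_ref": src_ref,
            "calling": b"", "called": b"", "tpdu_size": None}
    pos = 7
    while pos < header_len:             # variable part: code, length, value
        if pos + 2 > header_len:
            raise FramingError("truncated parameter header")
        code, plen = tpdu[pos], tpdu[pos + 1]
        if pos + 2 + plen > header_len:
            raise FramingError("parameter runs past the TPDU header")
        value = tpdu[pos + 2:pos + 2 + plen]
        if code == PARAM_CALLING_TSAP:
            info["calling"] = value
        elif code == PARAM_CALLED_TSAP:
            info["called"] = value
        elif code == PARAM_TPDU_SIZE and plen == 1:
            info["tpdu_size"] = 1 << value[0]   # size is coded as a power of two
        pos += 2 + plen
    return info


def show_selector(value: bytes) -> tuple:
    """Return (hex, text) views of a selector; text is None if not printable ASCII."""
    printable = bool(value) and all(0x20 <= b < 0x7F for b in value)
    return value.hex(), value.decode("ascii") if printable else None


# Constructed sample: one connection request followed by one empty data TPDU.
SAMPLE_STREAM = bytes.fromhex(
    "03000018"              # TPKT: version 3, reserved 0, length 24
    "13e00000000100"        # CR TPDU: LI=19, code E0, dst 0, src 1, class 0
    "c0010b"                # TPDU size 2**11 = 2048
    "c103535944"            # calling T selector "SYD" (constructed)
    "c2034d454c"            # called T selector "MEL" (constructed)
    "0300000702f080"        # TPKT length 7 carrying a DT TPDU with no user data
)

if __name__ == "__main__":
    first, second = split_tpkt(SAMPLE_STREAM)
    request = parse_connect_request(first)
    print(request["class"], request["tpdu_size"])
    print(show_selector(request["calling"]), show_selector(request["called"]))
```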

X.25 is a WAN and OSI protocol. As an
OSI protocol, X.25 provides network
services to OSI transport classes TP0
through TP4. TP0 provides a lower level of
service than does TP4, which is why TP0
runs over X.25, a very robust, connection-oriented
protocol. Similarly, TP4 runs over
CLNP because CLNP is a less robust,
connectionless protocol.

Although you can use all three pairs,
my experience is that TCP/IP is the best
choice when you’re using a pair of X.400
connectors to link two internal Exchange
sites. When you use X.400 connectors to
link an internal Exchange organisation to
the outside world, the TP0 and X.25 pair
is the best because X.25 is the most used
in the interconnection area. (TCP/IP is
gaining popularity in this area, however.)
Trailing the field is the TP4 and CLNP
pair. The reason is simple: few systems have
implemented the CLNP network protocol,
and as a result, it suffers from a lack of
presence. Given the Internet’s and TCP/IP’s
growing popularity, TP4/CLNP will
probably soon disappear altogether.

Enough theory - now it’s time to get
into the mechanics of installing and
configuring X.400 connectors. (But if you
want to learn more about the OSI model
or X.400, you can download the osi.hlp
and x400.hlp files from
http://www.winntmag.com.) The following
examples show you how to install and
configure connectors between two internal
Exchange sites and between an internal
Exchange site and an external X.400
messaging site.

Installing Connectors 
Between Two Internal Sites 

Suppose you want to link your two
Exchange sites in Sydney and Melbourne
with X.400 connectors. A WAN connection
runs between the two sites, and NT
servers are running TCP/IP as the protocol
of choice. You have already installed
Exchange 5.0 on NT Server 4.0. Because
your system uses Windows Internet Name
Service (WINS) and Dynamic Host
Configuration Protocol (DHCP), you use
host names for the configuration. You
decide to install the X.400 connectors
using the TCP/IP transport and network
protocols. You can install the connectors in
three steps.

Step 1: Install a transport stack. From the
Exchange Administrator, click File, New
Other, and MTA Transport Stack. Select the
TCP/IP MTA Transport Stack option and
your server from the configuration window.
Let all stack options remain at their default
values. Click OK.

This step is deceptively simple because
you have already addressed many of the
networking issues when you installed the
NT TCP/IP network. At this point, you
are merely linking the Mail Transfer Agent
(MTA) into the network. Because you are
going from one Exchange server to
another, you do not need to make any
other parameter changes in the administration
program.

Although this step is simple, you need
to be aware of one possible glitch. You
must create a transport stack first. If you
don’t, you will get an error message telling
you that no transport stack exists. If you
already have a different transport stack
created, you will still want to create a
TCP/IP transport stack.

Step 2: Create an X.400 connector and link it to
the TCP/IP transport stack. From the Exchange
Administrator, select File, New Other, and
X.400 Connector. Next, choose the TCP/IP
X.400 Connector, and then click OK. For
each property page, fill in the appropriate
values following the guidelines shown in Table
2. For the last value of address space in Table
2, you need to check your system
configuration. For example, for the setup
shown in Screen 1, a valid X.400 address
space is <c=US, a= , p=Satellite Group,
o=EXCHANGE>. The MTA name is
SATELLITE, which is the NT server name
in the configuration.

■ Table 1: The Pairing of the Protocols

Transport Protocol    Network Protocol
TCP                   IP
TP0                   X.25
TP4                   CLNP

Once you enter the appropriate values, 
click OK to return to the Exchange 
Administrator Mail window. You will 
receive a warning dialogue box that alerts 
you to the necessity of configuring both 
sides of the connection before messages 
will be sent successfully. This message 
means that you will need to configure an 
X.400 connector and TCP/IP MTA stack 
on the system at the other site. In other 
words, you need to repeat steps 1 and 2 at 
the other site. 

Step 3: Establish directory replication between 
the sites. After you have installed both of the 
X.400 connectors, you need to establish 
directory replication by configuring a 
directory replication connector. To begin, 
select File, New Other, and Directory 
Replication Connector from the Main 
Admin Program screen. Next, select the 
remote site name from the list, and type in the 
server name of the target server at the remote 
site. Select No, the Remote Site Is Not Available 
on this Network, and click OK. 

At this point, you will see the
Directory Replication Connector
Properties dialogue box shown in Screen
2. Change the Display name and the
Directory name from the default names to
names that are meaningful within your
organisation; for example, X400Directory
and X400Directory, respectively. (If possible,
make the display and directory names
the same to avoid confusion.) Next, in the
Site Name box, list the remote site that
you are connecting to (i.e., the site you
want to replicate directories with). For the
local and remote bridgehead servers, you
can change the target servers if you have
multiple servers at each site. It is important
to understand that, at this point, you are
configuring one server at each site that
will act as the focal point for directory
updates between the local servers at the
main site and the target server at the
remote site. Instead of having all servers in
each site freely replicating with each other,
you are assigning certain servers this
responsibility in an effort to efficiently use
the link between sites.

After you enter the correct properties, 
click the Schedule tab. For testing 
purposes, choose Always, which triggers 
update requests to the remote server every 
15 minutes. Once the X.400 connection is 
working, you can choose a button that best 
reflects your desired schedule for directory 
updates. However, do not select Never
because this selection will disable replication
for this connector.

If you want to configure a directory 
replication hub, click the Sites tab. Specify 
which inbound sites you want updates 
from and which outbound sites you want 
to send updates to. Click OK; you now 
have a Directory Replication connector 
established between the main site and the 
remote site. 

If you click on the main site and then
Expand Configuration in the Main Admin
Program screen, the connector you just
established will appear under the Directory
Replication icon. The Main Admin
Program screen will also show the remote
site once the connector runs the first time,
even if it is unsuccessful at establishing
contact with the remote site. The local copy of
the directory will also contain the Site and
Configuration objects. Depending on
network bandwidth and availability, the
time to complete replication will vary.
Because this link is remote, do not expect
instant gratification.

■ SCREEN 1: Checking your system configuration to develop an address space

■ SCREEN 2: Changing several parameters in the Directory Replication Connector Properties dialogue box

■ Table 2

General

Enter descriptions in the Display name and
Directory name fields. Type a name (up to 64
alphanumeric characters) for the connector (e.g.,
X.400-TCP/IP to Colorado).

Enter the name of the remote MTA. This is the
MTA that you will be connecting to in the other
site or network. If the remote system is also an
Exchange server, the remote MTA name will be
that remote system's NT server name by default.

Enter password (optional). If used, the password
must match the remote MTA configuration. The
password is case sensitive.

Ensure that the MTA Transport stack is set to
TCP/IP. If you installed other stacks, they will
appear in this list box.

Permissions

Make no changes. The Permissions tab appears
only if the Show Permissions Page for all Objects
box is set to on. The default is off. (You can
access this parameter by going to the Main Admin
Program screen; selecting Tools, Options, and
Permissions; and checking the appropriate box.)

Schedule

Verify that the Schedule is set to Always for
testing purposes. Once the X.400 connector is
operational, you can change the setting to reflect
your connect schedule.

Stack

Enter the remote host name (computer name). If
you are not using DHCP/WINS, you will need to
create an entry in the local hosts file or specify
the IP address of the remote system you want to
connect to.

Do not specify T, S, or P selector information.
Because you are connecting to another
Exchange system, you don't need to use these
parameters. (However, if you connect to another
X.400 system, you might need to specify a
parameter.)

Override

Make no changes. You can override the default
MTA name if required, but this action is usually not
necessary when you are connecting Exchange
sites (unless you are going through a carrier).

Connected sites

Make no changes. You need this option only for
directory replication between multiple sites and
connectors.

Advanced

Make no changes. You need this option to
configure the level of X.400 support.

Delivery restrictions

Make no changes. You need this option
only to control access through the connector on
an account basis.

Address space

Create a new X.400 address space. The address
space defines the address type and format. This
information identifies messages destined for
another site or network. To create a new X.400
address space, enter values for the fields listed
below:

Organisation = <Remote Site Name>

Private management domain = <Exchange
Organisation Name>

Administrative management domain name =
<SPACE>

Country = <your country>

Note that when you type in the administrative
management domain name, Exchange already
places <space> in this field, so you need to ensure
only one space exists before proceeding.

Leave all other fields blank or at their default value.



Installing and Configuring 
Connectors Between an 
Internal and External Site 

Suppose you want to link your Exchange 
organisation site in Melbourne with an 
X.400 messaging system in Wollongong. 
You decide to install an X.400 connector 
using the TP0 and X.25 transport and
network protocols. After you install and
configure the underlying software and
hardware, you can install and configure the
X.400 connector in three steps.

Step 1: Install the EiconCard and software.

Eicon Technology (http://www.eicon.com)
supplies the software, WAN Services for NT,
and the interface card you need to connect
your system directly to X.25 interconnect
services. The procedure to install the Eicon
software and card depends on which version
of the software you have. With version 2.x and
greater, you simply insert the card into the
appropriate slot in the PC and load the CD-ROM,
letting NT find the hardware and
prompt you to install the software. With the
x version, you might need to add the Eicon
software and card to your NT server in the
traditional manner of using the Network
Settings portion of the Control Panel.

■ SCREEN 3: Matching parameters in the WAN Services - Configuration screen

Step 2: Configure the EiconCard and software.
The Eicon configuration program is a
graphical program that is easy to navigate and
use. Even better, you need to configure only
WAN services, making the configuration
process relatively painless.

To begin, go to the WAN Services -
Configuration dialogue box shown in
Screen 3. Under WAN Services, you will
find configuration settings for High-Level
Protocols, X.25, HDLC, and Direct for
each installed card. These settings must
match the parameters set by the network
service provider. Thus, you will need the
following information before you configure
WAN Services:

• Node type: most nodes are data terminal
equipment (DTE). Most modems
are data circuit-terminating equipment
(DCE). The node type determines,
among other things, what types of
control signals pass on the wire and
which of the devices is responsible for
providing those control signals. If you
configure both the node type and
modem to be DTE or DCE, confusion
will result at the hardware level and the
end systems will not communicate.
People often make this error, especially
when they read the RS232 definition
of DTE and DCE.

• DTE address: this address is analogous
to your network phone number. Your
network service provider can provide
your DTE address.

• Type and number of virtual circuits:
with X.25, you can have multiple
virtual circuits on one physical connection,
usually in multiples of four. (The
charge for service increases accordingly.)
Most standard configurations
contain four virtual circuits.

• Packet sizes (minimum and maximum
allowable): these parameters must match
the network service provider’s specifications.
If the parameters don’t match,
excessive negotiation and timeouts can
lead to failed connections and circuit
delays.

• Window sizes (minimum and maximum
allowable): the window size specifies
how many outstanding packets that
require acknowledgement can be sent
before the sending system requests
acknowledgement. These parameters
must match the network service
provider’s specifications. Improper
settings can cause significant transmission
delays.

In addition to needing this information to 
configure WAN Services, you will need it 
for another reason. X.25 network services 
providers often require you to submit a 
detailed, preinstallation configuration 
document that contains these parameters 
and addresses. 

Step 1: Install a new MTA Transport Stack. 

Assuming that you already have installed 
the TCP/IP MTA Transport Stack and 
Eicon’s WAN Services for NT, you need to 
add a new transport stack: the Eicon X.25 
MTA Transport Stack. From the Main 
Admin Program screen, select File, New 
Other, MTA Transport Stack, and Eicon 
X.25 MTA Transport Stack. Select the 
local server, and then click OK. The Eicon 
X.25 General Properties page will appear. 
You can either accept the default name or 
change it. Fill in the X.121 Address field 
with the number your service provider 
supplies you. (Your service provider might 
refer to this number as the DTE or data 
network identification code - DNIC - 
address.) Often, you can leave the Call 
User Data, Facilities Data, and OSI Address 
boxes blank. (Your service provider will 
have this information, if you need it.) 

The T, S and P selectors on the General
Properties page distinguish among multiple
software stacks running on a host system
and are required when you’re connecting
to many computer systems for the
purposes of transferring X.400 messages. A
nice feature of the General Properties
configuration page is the Hex and Text
buttons. If you select Hex, Eicon X.25 will
display T, S, and P selector values in hex. If
you select Text, Eicon X.25 will display the
selector values in US ASCII text.

On the General Properties page, select
the I/O port associated with the Eicon card
installed (usually port 1). Select the Leased
Line button for direct connection via a
leased circuit. Select OK. You will see that
your choices now include a TCP/IP X.400
connector and an Eicon X.25 X.400
Connector. Congratulations, you now have
installed multiple transport stacks with NT
Server and linked them to Exchange.

While Windows NT is rapidly gaining acceptance
in most market sectors, it has always been
a bit player when it came to banking. While it’s
been suitable for front-end systems in small branches,
which is where OS/2 made its mark, it has never come
close to handling the core of a bank’s business. Until now.

The catalyst for this change has been an Australian 
company called Financial Network Services (FNS). One 
of the top six companies worldwide for building core 
banking systems, it released a Windows NT version of its 
BANCS system last October - and expects to start making 
NT sales this year. 

“Traditionally, banking systems run on very large 
mainframes and IBM’s proprietary operating systems - 
MVS and operating systems such as that - are highly stable 
and mission critical and we believe now that Windows 
NT is approaching that capability as well,” says Tony Ward, 
managing director of FNS. “It may not be quite there yet 
but, within the foreseeable future, it certainly will be the 
equivalent of any other operating system.” According to
Ward, that foreseeable future is only 12 months away,
when NT 5.0 and SQL Server 7 are released.

As can be surmised by its name, a core banking system 
does just that - the core of a bank’s processes. This 
includes maintenance, accounting and recording of 
customer transactions, as well as interest calculations, fees 
and charges, statements and so forth. “It covers the whole 
gamut of retail, treasury, trade and the corporate accounting
part as well as supporting EFT facilities such as ATMs,
Internet capabilities and e-commerce,” Ward explains. 

E-commerce is a technology that Ward feels strongly 
about, stating that it will become a cornerstone of banks’ 
operations rather than just being a fad. “A fad is something 
that doesn’t deliver a real saving on the bottom line of the 
business, whereas things such as the Internet and e-commerce
will deliver a real cost saving on the bottom line
and as a result we’ll see an uptake of it over time,” he says. 

“There’s a wave of enthusiasm for delivering product
and service via Internet capabilities. It’s critical for banks
these days because they are under enormous cost pressures
- there aren’t as many opportunities as there used to be,
and so banks around the world are finding that they have
to operate their businesses on smaller and smaller margins.
As a result banks are looking for alternate delivery mechanisms
that allow them to sell and support their services at
a much lower unit cost than they currently enjoy. It is
extremely expensive for a bank to run a bank branch - a
bricks and mortar branch is a very expensive proposition
- next in line are ATMs, cash dispensers and kiosks, which
are expensive but not as expensive as branches. In comes
things such as e-commerce and the Internet, which are
significantly cheaper than the other two delivery mechanisms.
So, as a natural progression, banks will move towards
electronic delivery where and when they can as a method
of lowering their costs in the delivery of the products and
services that they sell.”

As banking systems around the world have to change to 
accommodate electronic commerce and tighter financial 
pressures, Ward believes that Windows NT will grow in the 
banking sector. “In the longer term Windows NT will be 
one of a handful, and arguably one of only two operating 
systems, that may survive in the future,” he says, with MVS 
being the other operating system likely to survive. 

While Ward believes Unix will be around for a long 
time, he sees FNS’s Unix customers moving over to 
Windows NT during the next three years, primarily 
because of its user friendliness. 

“Unix is not one operating system, it’s half a dozen
different flavours of the same animal, with support that
must come from half a dozen different suppliers. NT
comes from a single supplier — that supplier not only
supplies the operating system but has the capability to
support the database and the associated toolsets that go
around that product. In a Unix environment that’s not the
case and probably never will be. So, from a user’s
perspective, it becomes a lot simpler, arguably a lot cheaper and a
lot more effective for a user to deal with one supplier who
supplies all that architecture and underlying technological
infrastructure that’s necessary,” Ward says.

“In addition, the majority of the users we have on the
Unix boxes that are out there actually don’t need to
replace their hardware to use Windows NT as the operating
system. That’s one of the real strengths of NT - the
customer base can switch between NT and Unix, depending
on the hardware platform they’re running on, relatively
painlessly. That same switch isn’t there when you
consider an IBM MVS environment - not at this stage,
until Bill Gates gets it running on a System 390 platform.”

directory service communications (see my article “LDAP
and the Future of Directory Services, Part 1,”
December/January 1997/1998). Currently, the Internet
Engineering Task Force (IETF) is working on LDAP 3.
(The most recent rewrite is LDAP 3.3. To keep abreast of
developments, check the University of Michigan’s LDAP
Web site at http://www.umich.edu/~rsug/ldap/ldap.html.)
LDAP 3 defines additional features that will
let the protocol more effectively communicate with
different directory services.

Although LDAP 3 is still in development, the big three
in the networking industry - Netscape, Novell, and
Microsoft - have already committed to its use for their
individual directory service products. This second
installment of this two-part series examines how these vendors
are implementing LDAP in their directory service
solutions, each of which is at a different stage of development.
Comparing these three LDAP implementations -
Novell’s LDAP Services for Novell Directory Services
(NDS), Netscape’s Directory Server 3.0, and Windows
NT 5.0 Active Directory (AD) - demonstrates the
protocol's flexibility in different environments and provides
additional insight into the directory services.

Novell Directory Services and LDAP 

Novell has a considerable advantage over Netscape and
Microsoft because its directory service solution has been
on the market since 1993. This product was originally
called NetWare Directory Services because Novell
designed it to store information about NetWare
resources. Novell expanded its utility, however, so that it
would store information about the entire enterprise
network. To reflect this expansion, Novell changed the name
to Novell Directory Services in 1996.

Novell largely based NDS on the X.500 directory
standard. NDS uses the same organisational principles, many
of the same object classes, and a slightly altered namespace.
Like X.500, NDS is a distributed directory that lets users
see data stored on multiple servers as a unified set.

NDS differs from X.500 in one important respect, however.
The communication between the servers follows the
NetWare Core Protocol. NCP uses Novell’s proprietary IPX
protocol for its network layer services.

As part of the effort to expand NDS’s functionality 
beyond the NetWare OS, Novell has released versions 
that run on UNIX and promises an NT version before 
the year end. At this time, however, NetWare servers most 
often host the directory service. With NetWare servers, 
you can use Novell Administrator for Windows NT to 
replicate NT domain user information into an NDS tree. 


Using LDAP Services for NDS 

Because of the extensive period of development,
deployment and real-world directory service experience,
Novell’s adaptation of NDS to use LDAP was a relatively
small task compared to Netscape’s and Microsoft’s efforts.
In late 1996, Novell released its LDAP Services for NDS,
a NetWare loadable module (NLM) that publishes NDS
data to LDAP clients on the Internet or an intranet.

NLM uses LDAP 2, which the IETF publishes as
Request for Comments (RFC) 1777. Clients can use
NLM to access any information stored in an NDS
directory, but they can’t access non-X.500 directories.

To overcome this disadvantage, NLM adds manual
mapping functions to the NDS database. While NDS is
based on the X.500 standard, its schema specifies different
names for certain objects and attributes, even when the
objects and attributes perform the same function as those
in X.500. Therefore, you must reconcile
these names for the LDAP server module
to effectively communicate with NDS. For
this purpose, Novell includes object class
and attribute mapping functions in the
LDAP Services for NDS configuration
screens. (In the future, LDAP 3 will let a
directory publish its schema as part of the
communications process.)

Letting network administrators manually
map NDS object classes and attributes
to specific LDAP equivalents, as
shown in Screen 1, provides two
important advantages. First, you can
extend the directory schema. If an
application has new NDS object
classes or if existing object classes have
new attributes, you can make these
new elements available to LDAP
clients. Conversely, you can use manual
mapping to limit the objects and
attributes available to LDAP clients.

For example, suppose you want to let
customers use an LDAP client over
the Internet to access employee
telephone numbers and email addresses
stored in a directory, but you want to
prevent them from seeing confidential
object information. By mapping only
selected attributes, you control the
information available to LDAP clients
without the need for authentication.
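The attribute-mapping control described above, as an added Python example; it is not Novell's code, and the map contents, directory entries and the "Salary Grade" attribute are constructed for illustration. It goes one step past the text by also evaluating search filters against the mapped view only, because a gateway that filters on hidden attributes and strips them afterwards still reveals their values.

```python
# Added example, not Novell's code: an allow-list attribute map for an LDAP
# gateway in front of a directory that uses its own schema names.
# Map contents, entries and values are constructed sample data.

# Native (NDS-style) name -> LDAP name. Unlisted attributes are never published.
ATTRIBUTE_MAP = {
    "Full Name": "cn",
    "Surname": "sn",
    "Telephone Number": "telephoneNumber",
    "Internet EMail Address": "mail",
}
# Only object classes listed here are visible to LDAP clients at all.
CLASS_MAP = {"User": "inetOrgPerson"}

DIRECTORY = [
    {"Object Class": "User", "Full Name": "Ann Lee", "Surname": "Lee",
     "Telephone Number": "555-0101",
     "Internet EMail Address": "ann@example.com",
     "Home Directory": "VOL1:HOME/ALEE", "Salary Grade": "7"},
    {"Object Class": "User", "Full Name": "Raj Patel", "Surname": "Patel",
     "Telephone Number": "555-0102",
     "Internet EMail Address": "raj@example.com",
     "Home Directory": "VOL1:HOME/RPATEL", "Salary Grade": "3"},
    {"Object Class": "Print Queue", "Full Name": "Q1"},
]

# Lower-cased LDAP name -> canonical name (LDAP names are case-insensitive).
PUBLISHED = {name.lower(): name for name in ATTRIBUTE_MAP.values()}
PUBLISHED["objectclass"] = "objectClass"


def publish(entry):
    """Return the LDAP view of a native entry, or None if its class is unmapped."""
    ldap_class = CLASS_MAP.get(entry.get("Object Class"))
    if ldap_class is None:
        return None
    view = {"objectClass": ldap_class}
    for native_name, ldap_name in ATTRIBUTE_MAP.items():
        if native_name in entry:
            view[ldap_name] = entry[native_name]
    return view


def search(filter_attr, filter_value, requested=None):
    """Equality search evaluated against the published view only.

    A filter on an unmapped attribute matches nothing, exactly as if the
    attribute did not exist, so the result cannot be used to infer its value.
    Unmapped names in the requested-attribute list are silently ignored.
    """
    key = PUBLISHED.get(filter_attr.lower())
    if key is None:
        return []
    wanted = None
    if requested is not None:
        wanted = {PUBLISHED[r.lower()] for r in requested
                  if r.lower() in PUBLISHED}
    results = []
    for entry in DIRECTORY:
        view = publish(entry)
        if view is None or key not in view:
            continue
        if view[key].lower() != filter_value.lower():
            continue
        results.append({k: v for k, v in view.items()
                        if wanted is None or k in wanted})
    return results


def search_then_strip(native_attr, value):
    """Anti-pattern: filter on the raw entry, strip hidden attributes afterwards.

    The returned entries look harmless, but getting a hit for
    ("Salary Grade", "7") tells the caller which user has that grade.
    """
    return [publish(e) for e in DIRECTORY
            if e.get(native_attr) == value and publish(e) is not None]
```
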

The second important advantage is
that LDAP Services for NDS provides
access control. NDS security operates
at the server level by letting users bind
to the directory either with their
standard NDS user names or anonymously
with a proxy user account (a single
access account that all users share). If
users bind to the directory with their
standard NDS user name, the passwords
are not encrypted. To remedy
this problem, you can use LDAP’s access
control lists (ACLs) to restrict access to the
directory at the client level. ACLs let you
specify the level of access you want to give
specific users. As Screen 2 shows, you can
grant access to specific objects and attributes.

Although Novell intends to upgrade its
support for LDAP when IETF ratifies the
new version, the primary advantage of
NDS and the LDAP Service for NDS is
that they are available now. Netscape and
Microsoft are relying on new technologies
that have yet to undergo the ultimate testing
of real-world use.

NT 5.0's AD and LDAP 

One of the greatest stumbling blocks to
the growth of NT as a network operating
system (NOS) has been the lack of an
enterprise directory service. Microsoft
designed the trusted domain model
currently in use for workgroup and
departmental computing. The model lacks the
features (such as object hierarchy,
extensible schema, and a data distribution
strategy) that would make it adequate for large
networks. Microsoft has been promising a
more effective directory service since it
first announced Cairo in 1993, but the
company doesn’t expect to release this
product (AD) until NT 5.0 ships.

■ Screen 1: Mapping NDS object classes and attributes to LDAP equivalents

■ Screen 2: Using ACLs to grant users access to specific objects and attributes


Microsoft’s new directory service, AD,
uses Domain Name System (DNS) locating
technology, X.500 object naming, and
LDAP communications. In an AD
implementation, the individual domains that
formed the original NT directory service
will become DNS domains that are
interconnected in a domain tree that unifies the
entire network.

Communication is an essential part of
the AD strategy. One of the directory
service’s most important features is its
ability to subsume and manage other
directory services running on the
same network. This feature lets you
use the information stored in the AD
to authenticate user access to
applications, such as Lotus Notes, that
maintain their own directories. You can
also replicate object data from other
NOS-based directory services (e.g.,
NDS) and use AD tools to manage
that data.

AD includes subsets of several
different communications protocols that
X.500, LDAP 2, and LDAP 3 use.
These protocols are part of a set of
APIs called the Active Directory
Service Interfaces (ADSI). ADSI
creates interfaces between AD and other
applications and directory services.
These interfaces let AD communicate
with the existing directories that
both commercial and custom
network applications use.

LDAP 2 includes a collection of
low-level C-based APIs (defined in
RFC 1823) that provide client access
to an LDAP server. AD supports
these APIs, but ADSI simplifies the
programming tasks involved by
providing COM-based APIs. Thus, you
can use simpler programming and
scripting languages, such as Visual Basic and
Perl.

External providers, such as Kerberos and
Secure Sockets Layer (SSL) 3.0, provide
authentication and security for LDAP
communications in AD. These external providers
use a Security Support Provider Interface
(SSPI) designed to permit the use of other
compliant providers as they become
available. ADSI also facilitates the creation and
management of new directory service
objects, using LDAP to create equivalent
objects in other participating directories.

LDAP Clients and Directory Services

Although the development of LDAP 3 is proceeding swiftly, few
full-featured LDAP clients are available. Netscape Communicator’s and
Microsoft IE’s email applications include a simple LDAP white-pages client
(and the browser in Preview Release 3 of Netscape Communicator 4.0
can use the LDAP URL format to display more extensive directory
information), but you can’t use either client to fully test an LDAP service
by modifying directory information.

You can, however, use SWIX, a public domain LDAP-based X.500 client
created at the University of Umea in Sweden. With SWIX, you can bind
any LDAP-based directory (such as Netscape Directory Server or an
NDS server running Novell’s LDAP Service) and add, browse, or modify
directory entries.

For example, as Screen A shows, you can use SWIX to modify the
attributes of an NDS user object. After binding (i.e., authenticating) to
the LDAP Services for NDS using an NDS account with the appropriate
rights, the user can browse the directory tree by expanding
an organisational unit to display the tree’s objects. After you highlight an
object and select Modify from the Directory menu, SWIX shifts into an
edit mode. You can change any attribute shown before clicking the Update
button to write the changes to the directory. You can download SWIX
2.4 from Windows NT Magazine’s Web site at http://www.winntmag.com.

■ Screen A: Using SWIX to modify the attributes of an NDS user object

AD supports several different object-naming
systems that let users use the notation
they are most comfortable with to
refer to directory objects. Apart from the
distinguished names that LDAP and X.500
use, AD recognises objects named using the
RFC 1959 LDAP universal resource locator
(URL) format, the RFC 822 Internet
naming standard (e.g., johnsmith@mycorp.com),
and the universal naming convention
(UNC) that is native to NT.

Microsoft’s AD strategy centres on the
assumption that a network uses other
directory services (such as Lotus Notes or
NDS) at the application and operating system
levels. This assumption is shrewd for
two reasons. First, it puts Novell at a
disadvantage. Although Novell has a more highly
developed NDS directory and a gateway
for LDAP access to that directory, Novell
has done little to address the logistical
issues involved in using that gateway for
practical purposes. For example, you can
use Netscape Communicator’s and Microsoft
Internet Explorer’s (IE’s) email applications
to search for users’ telephone numbers
and email addresses in an NDS database.
But little other functionality is readily
available without custom programming
- and Novell provides no help (i.e.,
libraries or documentation) in this area.

In contrast, Microsoft is concentrating
on developing the tools needed to create
applications that use AD’s services and on
adapting existing code to use the more
flexible ADSI. If this strategy is successful,
application developers will be able to use
gateways for whatever purpose they desire.
Microsoft’s success will bring networks a
giant step closer to the realisation of a single,
all-purpose directory service.

Another reason why Microsoft’s
assumption is shrewd is that it positions AD
as a clearinghouse for existing network
directory services. This approach is smart
because no AD code is available (other
than an alpha version that lacked many features
and was limited to use with a single
domain), and Microsoft doesn’t expect an
official release until mid-1998.

If AD lives up to its touted capabilities,
it will function as a metadirectory for
products, as shown in Figure 1. This ace in
the hole could help Microsoft regain those
users who chose another directory service
solution because they were tired of waiting
for Microsoft to release its product.

Netscape's Directory Server 3.0

Of the big three, Netscape has made the
biggest commitment to LDAP 3 as a directory
service standard. Netscape’s Directory
Server 3.0 uses an LDAP server as the basis
for the directory service rather than as a
gateway to a directory stored on another
type of server.

Basing a product on a draft standard is
risky because modifications to the standard
during the ratification process can easily
cause the product to be orphaned.
However, Netscape has hired LDAP’s original
team of designers from the University of
Michigan to do the development work.
Tim Howes, the inventor of LDAP and the
co-chairman of the IETF working group
responsible for LDAP 3, is leading the team.

A Metadirectory for

■ Figure 2: The Master/Slave Relationship

Directory Server 3.0 contains many of 
the features proposed for LDAP 3, such as 
intelligent referrals, support for SSL and 
Simple Authentication and Security Layer 
(SASL) authentication, and extensible 
schema. The product can also interact with 
the NT 4.0 directory service architecture 
by synchronising NT accounts with the 
LDAP directory or by using NT as an 
alternative authentication medium, in case 
an LDAP directory authentication fails. 

Unlike NDS and AD, Directory Server
3.0 does not support multimaster replication.
With multimaster replication, you can
make changes to a particular entry on the
nearest directory server. This server then
propagates the changes to all the other
servers. Instead of using multimaster replication,
Directory Server uses a master/slave
relationship in which you must make all
modifications to a particular entry on that
entry’s master server. The master server
then replicates changes to the individual
slave servers, as shown in Figure 2.

Problems can arise from both processes. 
The most serious problem in multimaster 
replication is the conflict that can occur 
when two users at different locations 
attempt to modify the same directory 
entry at nearly the same time. NDS and 
AD devote considerable effort to avoid this 
problem. NDS synchronises the clocks on 
its servers and applies timestamps to all 
directory communications, whereas AD 
uses update sequence numbers to identify 
its transactions. 
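A simplified model of the multimaster conflict described above, added here as an example; it is not NDS or AD code. The Replica class, the per-attribute version counter and the two-minute clock skew are assumptions of the model; the page says only that NDS relies on synchronised clocks and timestamps and that AD identifies transactions with update sequence numbers (used here as each server's change counter).

```python
# Added example: two replicas exchanging changes under two conflict rules.
# All server names, attribute values and times are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Write:
    server: str     # originating server
    value: str
    stamp: float    # originating server's local clock reading
    version: int    # per-attribute change counter (model assumption)


def by_timestamp(current, incoming):
    """Last writer wins by local clock; server name breaks exact ties."""
    return max(current, incoming, key=lambda w: (w.stamp, w.server))


def by_version(current, incoming):
    """Higher version wins; clocks only break ties between concurrent edits."""
    return max(current, incoming, key=lambda w: (w.version, w.stamp, w.server))


class Replica:
    def __init__(self, name, policy, skew=0.0):
        self.name, self.policy, self.skew = name, policy, skew
        self.usn = 0            # local update sequence number
        self.log = []           # (usn, attribute, Write) accepted here
        self.data = {}          # attribute -> winning Write
        self.high_water = {}    # partner name -> highest USN already pulled

    def _merge(self, attr, write):
        current = self.data.get(attr)
        if current == write:
            return              # already have this exact change
        if current is None or self.policy(current, write) == write:
            self.usn += 1
            self.data[attr] = write
            self.log.append((self.usn, attr, write))

    def modify(self, attr, value, true_time):
        """A local edit is stamped with this server's (possibly skewed) clock."""
        current = self.data.get(attr)
        version = (current.version if current else 0) + 1
        self._merge(attr, Write(self.name, value, true_time + self.skew, version))

    def pull_from(self, partner):
        """Fetch only changes above the last USN seen from this partner."""
        mark = self.high_water.get(partner.name, 0)
        for usn, attr, write in partner.log:
            if usn > mark:
                self._merge(attr, write)
                mark = usn
        self.high_water[partner.name] = mark


def late_correction(policy):
    """An edit on A, replicated to B, then corrected on B one minute later.
    B's clock runs two minutes slow."""
    a = Replica("A", policy)
    b = Replica("B", policy, skew=-120.0)
    a.modify("telephoneNumber", "555-0100", true_time=1000.0)
    b.pull_from(a)
    b.modify("telephoneNumber", "555-0199", true_time=1060.0)
    a.pull_from(b)
    b.pull_from(a)
    return a.data["telephoneNumber"].value, b.data["telephoneNumber"].value


def concurrent_edit(policy):
    """Two users change the same attribute on different servers at once."""
    a, b = Replica("A", policy), Replica("B", policy)
    a.modify("mail", "old@example.com", true_time=10.0)
    b.pull_from(a)
    a.modify("mail", "a@example.com", true_time=20.0)
    b.modify("mail", "b@example.com", true_time=20.0)
    a.pull_from(b)
    b.pull_from(a)
    return a.data["mail"].value, b.data["mail"].value


if __name__ == "__main__":
    print("timestamps, skewed clock:", late_correction(by_timestamp))
    print("versions, skewed clock:  ", late_correction(by_version))
    print("concurrent edit:         ", concurrent_edit(by_version))
```

With timestamps alone, the slow clock makes the later correction lose on both servers, which is why a timestamp scheme depends on clock synchronisation; both rules still converge on one value for a truly concurrent edit.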

Netscape avoids this problem entirely
by using a master/slave relationship in
Directory Server 3.0 but sacrifices
an important element of scalability in
the process. In addition, although the
master/slave relationship prevents the directory
from having to manage the more complex
interserver relationships involved in
the use of multiple masters, this relationship
imposes significant delays when you
must perform directory administration
tasks from a remote location.

Directory Server 3.0 provides services
to Netscape’s SuiteSpot family of servers
and the Netscape Communicator client. A
software development kit is available to
help develop custom LDAP client
implementations. Like NDS, Directory Server
3.0 relies heavily on application developers
and custom programming to provide services
outside of the vendor’s family of
products. For example, before you can use
Netscape’s LDAP directory to authenticate
users to your email application, you must
wait until the email vendor provides an
LDAP client or gateway between the two
directories or you must create one yourself.

The Jury Is Still Out 

You can’t fairly assess these three directory
service products yet because only one
(NDS) has been officially released. In
addition, Netscape, Microsoft, and Novell will
certainly modify their products as LDAP 3
approaches completion.

Reaching the goal of having a single
directory that can reliably support all network
applications and services is still some
years away, even with today’s accelerated
product cycles. Thus, you can’t realistically
assume that a new product, such as
Directory Server 3.0 or AD, will suddenly
be a panacea for all your directory needs.

In the meantime, however, LDAP is
useful as a gateway to directory information.
It lets Internet and intranet users use
a standard Web browser to access information.
In addition, more full-featured LDAP
clients, such as SWIX (see the sidebar
“LDAP Clients and Directory Services”)
can give network administrators the ability
to manage directory data from remote
locations with the protection of
authenticated access.



























Scripts

Systems administrators' lives just got easier - thanks to improved scripting languages for Windows NT

Picture this: you’re a Windows NT systems administrator
and you want to change the home directory
path for a couple hundred users in a Security
Accounts Manager (SAM) database. The database
contains thousands of user accounts. If you work on a similar
problem in a UNIX environment and the system doesn’t have
an adequate tool for the task, you’ll probably write a custom
tool in a scripting language. In UNIX shops, administrators
have long used task-oriented languages such as the UNIX
Shell (sh), Practical Extraction and Report Language (Perl),
and Tool Command Language/Tool Kit (Tcl/Tk) to carry
out enterprisewide operations.

In an NT environment, however, administrators have had
fewer options. Until recently, crude batch files provided the
only practical way for administrators to automate tasks; you
could view the process as using NT’s functionally challenged
command language to glue together feature-inhibited
command-line tools.

The introduction of GUI management tools for administering
systems improved the situation. But for tasks such as the
one I described at the beginning of this article, GUI management
tools such as User Manager for Domains often break
down very quickly. If the GUI doesn’t offer an appropriate
tool, you have to purchase a third-party product or use the
Win32 API to develop the tool. And the latter option isn’t a
walk in the park.

Although GUI tools make small tasks less intimidating for
new systems administrators, the tools don’t work well for
enterprise and batch-oriented tasks. For example, retrieving a
specific Registry value from hundreds of servers is not a trivial
undertaking. And searching an event log for a specific security
event on hundreds or even dozens of servers can take
days.

GUIs also have a subtle shortcoming: they rely on human
interaction. I hate to be the bearer of bad news, but to believe
that you can repeatedly complete many dialogues without
error isn’t realistic. The result of human error is costly rework.
Thus, as NT becomes more prominent in enterprise networks,
administrators must find smarter ways to work. Scripts
are one solution.

Scripts Defined 

A command-line script is a series of commands in a text file.
The name of the text file tells the operating system that the
file is executable. For example, if the filename is myscript.bat,
the .bat extension tells NT to execute the contents of
myscript.bat sequentially. The system component that
interprets and executes the batch file is the NT command
interpreter (cmd.exe).

Scripting languages extend scripting capabilities by providing
additional language constructs such as variables, conditional
statements and functions. Scripting languages include an
interpreter. For example, Perl for Win32’s interpreter is
perl.exe. A Perl script typically has a .pl extension. To invoke a
Perl script, you pass it to the Perl interpreter
using a command similar to

C:\>perl myscript.pl

The Perl interpreter interprets and executes
the contents of myscript.pl. Of course,
myscript.pl must contain valid Perl statements.

LISTING 1: The Command-Line Script

@echo off
echo \\server1 > getregval.txt
regread \\server1 %1 %2 >> getregval.txt
echo \\server2 >> getregval.txt
regread \\server2 %1 %2 >> getregval.txt
echo \\server3 >> getregval.txt
regread \\server3 %1 %2 >> getregval.txt

LISTING 2: The Perl Script

# Tells the Perl interpreter to include the contents of the
# nt.ph (perl header) file. This file contains NT Registry
# macro definitions.
use Win32;
require 'NT.ph';

# A: Define variables to make the script more readable.
$RegKey = undef;    # Registry key that contains the value
$RegValue = undef;  # Registry value we want to retrieve
@Servers = ();      # Array of servers to get values from

# Start the script.
print "Enter the Registry Key: ";    # Prompt for the Registry key.
$RegKey = <STDIN>;                   # Fetch the key from standard input.
chop($RegKey);                       # Remove the newline character.

print "Enter the Registry Value: ";  # Prompt for the Registry value.
$RegValue = <STDIN>;                 # Fetch the value from standard input.
chop($RegValue);                     # Remove the newline character.

# B: Open the file that contains the list of servers -or- abort
# the script if you can't open the input file.
open(INPUTFILE, "servers.txt") ||
    die "Unable to open input file servers.txt.";

$i = 0;
while ($server = <INPUTFILE>)        # Read input file into Servers array.
{
    chomp($server);
    $Servers[$i++] = $server;
}
close(INPUTFILE);                    # Close the input file.

# Open output file -or- abort the script.
open(OUTPUTFILE, ">getregval.txt") ||
    die "Unable to open output file getregval.txt.";

(continued)

Scripting languages complement system
programming languages such as C, C++
and Java because they glue together utility
programs to automate solutions to specific
problems. For example, ActiveWare
Internet Corporation developed Perl for
Win32 to fill the need for a strong scripting
language on the Windows 95 and NT
platforms. Perl has become the de facto
scripting language for UNIX systems
administration and a widely used Web
Common Gateway Interface (CGI)
development language.

Many good scripting languages are now
available for NT. These utility languages
offer features ranging from enhanced logon
script processing to complete enterprise
systems administration. The sidebar
“Scripting Languages for NT,” page 81,
suggests some criteria to consider when
you select a package and lists some scripting
languages for the NT platform.

To illustrate how scripting makes life
easier, I’ll show you how to perform a task
using a command-line script (batch file)
and scripts written in two powerful NT
scripting languages: Perl for Win32 5.0,
Build 310 (ActiveState Tool, formerly
ActiveWare Internet) and Final for NT
Server 6.01 (FastLane Technologies).

The Command-Line Script 

Listing 1 is a simple script that uses the NT
command line to retrieve a Registry value
from multiple servers and print the results
to a file. The script in Listing 1 requires the
Registry key and the Registry value as
command-line arguments. It also depends
on the regread.exe utility on the Microsoft
Windows NT Server Resource Kit CD-ROM.
Notice that I include the target
server names (server1, server2, server3) in
the batch file so that I can retrieve Registry
information from several servers with one
command. When I run the script, it produces
an output file, getregval.txt, which
contains the results. Screen 1 shows the
output file for this script.

This script is useful but limited. For
instance, you must edit the script every
time you want to add a new server. If you
have several scripts that work similarly, you
must update all of them. A more efficient
tactic is to maintain a list of servers in a text
file and input the text file. Perhaps you also
want to improve the script’s output format.
Unfortunately, you can’t make either
enhancement using NT’s batch language.

The Perl Script

Let’s rewrite the batch file in Listing 1 to
demonstrate Perl’s capabilities. First, you
need to install Perl for Win32 on your
workstation. Download pw32i310.exe
from the ActiveState Tool Web site
(http://www.activestate.com). Place this
self-extracting file into the Perl installation
directory (e.g., c:\Perl), and invoke
pw32i310.exe to fire up the installation.

At A in Listing 2, the script declares
three variables: $RegKey, $RegValue and
@Servers. $RegKey holds the Registry key,
$RegValue holds the Registry value and
@Servers is an array that holds the list of
servers.

The script then prompts the user for the
key and value, and stores the user’s input
in $RegKey and $RegValue. The chop
function is a Perl function that removes the
last character from a string. In Listing 1,
chop removes the new line character that
results from the user pressing the Enter key
after typing the Registry key and value.

At B in Listing 2, the script opens the
file that contains the list of servers and reads
the list into the @Servers array. In this
example, the script expects the servers.txt
input file to be an ASCII file with one server
name per line.

Next, the script opens the getregval.txt
output file and writes some header information
into it. At C in Listing 2, the script
loops through the @Servers array, calling
the Perl for Win32 Registry functions to
connect to the Registry, retrieve the
Registry value, and write the returned
value to the output file. Screen 2 displays
the executing script and the contents of the
output file.



LISTING 2 (continued)

print OUTPUTFILE "getregval.pl Report\n";
print OUTPUTFILE "-------------------\n\n";
print OUTPUTFILE "Registry Key: $RegKey\n";
print OUTPUTFILE "Registry Value: $RegValue\n\n";
print OUTPUTFILE "Server\t\tValue\n";
print OUTPUTFILE "------\t\t-----\n";

# C: Loop through array of servers: Retrieve
# Registry value and write to output file.
foreach $server (@Servers)
{
    Win32::RegConnectRegistry($server, &HKEY_LOCAL_MACHINE, $RegHandle);
    Win32::RegOpenKeyEx($RegHandle, $RegKey, &NULL, &KEY_QUERY_VALUE, $KeyHandle);
    Win32::RegQueryValueEx($KeyHandle, $RegValue, &NULL, $Type, $RetValue);
    Win32::RegCloseKey($KeyHandle);

    print OUTPUTFILE "$server\t$RetValue\n";

    # Reinitialize Registry handles and return value to avoid writing
    # bogus data to the output file.
    $RegHandle = undef;
    $KeyHandle = undef;
    $RetValue = undef;
}

close(OUTPUTFILE);    # Close the output file.




■ Screen 2: Viewing a Perl script

■ Screen 3: Viewing a Final script

LISTING 3: The Final Script

Script GetRegistryValue;

// Define variables.
Var
  DataType, fHandle, i, ReturnCode : INTEGER;
  DataTypes, ServerList, Servers : STLIST;
  buffer, Hive, Key, Value : STRING;

// Initialise variables.
Begin
  DataType := 0;                  // Registry data type
  fHandle := 0;                   // Output file handle
  ReturnCode := 0;                // Return code
  DataTypes := {"REG_BINARY (Binary)",    // Registry data types
                "REG_DWORD (Double Word)",
                "REG_EXPAND_SZ (Expandable String)",
                "REG_SZ (String)"};
  ServerList := 0;                // Server list
  Servers := {};                  // User-selected servers
  buffer := "";                   // Registry function return buffer
  Hive := "HKEY_LOCAL_MACHINE";   // Registry hive to search
  Key := "";                      // Registry key containing value
  Value := "";                    // Registry value to retrieve

  // Display opening dialogue box with instructions to user.
  ReturnCode := MessageBox("Get Registry Value",
    "This tool retrieves registry values from multiple servers.\n\n"+
    "Four inputs are required:\n"+
    "1. The list of servers to retrieve the registry data from.\n"+
    "2. The registry value data type.\n"+
    "3. The registry key that contains the value.\n"+
    "4. The registry value.\n\n"+
    "Continue?", 6, 6, 1);
  if ReturnCode <> 6 then
    Exit(1);

  // Prompt user for list of servers to retrieve values from.
  Servers := PickList("Get Registry Value - Select Target Server(s)",
                      ServerList, TRUE);

  // Prompt user for data type of Registry value.
  DataType := CheckBoxList("Get Registry Value - Select Data Type",
                           DataTypes, 16, 1);

  // Prompt user for Registry key.
  Key := EditLine("Get Registry Value", "Enter the Registry Key: ", Key);

(continued on page 82)


Unlike with the command-line script,
you don’t have to edit the Perl script to
support additional servers. You simply add
them to the servers.txt input file. In this
example, I also enhanced the output file
format to make it more readable.

The Final Script

Listing 3 presents the Final version of the
Registry script. Before you can run the
script, you must install Final for NT Server
on your workstation. A Final source file has
an .fc extension, which you must compile
to an .fbi file before you execute it. I compiled
this script in the Final IDE, and then
passed it to the Final runtime using the
command line

C:\>finalrun getregval.fbi

Final can also generate standalone executable
files, but you must buy this feature
as an add-on product option.

The Final script differs from the Perl
script primarily in that Final offers a GUI.
Perl for Win32 has no GUI support today,
although ActiveState Tool is working on a
GUI. However, you can use an HTML
form and a browser as an alternative interface
for the Perl script. Screen 3 shows the
opening dialogue box in the Final script.

Scripting Power

To get an idea of just how powerful some
of these scripting languages are, browse the
function libraries that come with the software.
I’m sure you’ll find that you can
■ Figure 1: Example Tasks for Scripting

Managing access control list (ACL)
Configuring applications
Auditing systems and reporting audits
Managing files and shares
Managing OS patches and upgrades
Managing the Registry
Automating repetitive tasks
Configuring servers
Controlling and configuring services
Tracking system availability
Adding, changing, and deleting users

Scripting Languages for NT

The industry offers many good scripting languages for NT.
Table A summarises the features of some available scripting
languages for the NT platform. How do you decide which
language to use? These questions will help you narrow the field:

• Does the scripting language match the task?

• Does the language target the systems administrator? A
good language helps reduce labor-intensive administrative
tasks (e.g., managing users, servers, files, printers, shares,
and security).

• Is the language easy to use, with a minimal learning curve?

• Is the language robust: Can you use it over a network? Can
it provide access to key system objects (event logs, Registry,
the SAM database)? Can it produce detailed reports? Is it
extensible? Can it support complementary technologies
such as BackOffice and Open Database Connectivity
(ODBC)?

TABLE A: Sample NT Scripting Languages

Vendor/Web Address | Scripting Language | Description


ActiveState Tool 

(formerly ActiveWare Internet) 
http://www.activestate.com 


Advanced Systems Concepts 

http://www.advsyscon.com 

Ataman Software 

http://www.ataman.com 

FastLane Technologies 

http://www.fastlanetech.com 

Win32; 


Microsoft 

http://www.microsoft.com/ 

ntserver/info/adsi/htm 

1 http://www.microsoft.com/ 
management 

http://www.microsoft.com/ 

jscript 

http://www.microsoft.com/ 

vbscript 

http://netnet.net/~swilson/kix 


» Sun Microsystems 

i. http://sunscript.sun.ee 


Perl for Win32 5.003, Build 310 


Perl for ISAPI (PerllS) 
Perl Script 


Regina Rexx for Win32 (included in 
the NT Server resource kit) 


Final For Windows NT Server 6.01 


Active Directory Service Interfaces 
(ADSI) 


Windows Scripting Host 

Java Script 

Visual Basic Script 

KIXtart 95 3.20 (included in the NT 


A port of most of the functionality in Perl, with extensive 
support for Win32; an excellent tool for gluing together 
small utility programs, redirecting I/O, managing logs, and 4 
creating reports. Distributed free under the GNU Artistic 
License; no official support. 

ISAPI DLL that runs Perl scripts on Win32 platforms. 

ActiveX scripting component; runs under the Microsoft , 
Windows Scripting Host. 

The extended Language for NT, based on Digital Equipment's ' 
DCL command language; facilitates enhanced logon scripts f 
and remote systems management. 

Restructured Extended Executor; supports OLE automation, j 
Registry, and event log functions; NetRexx and ObjectRexx for j 
NT also available (http://www2.hursley.ibm.com). 

FastLane Integrated Network Application Language; Pascal- 1 
like scripting language with comprehensive support for 1 

includes Exchange and ODBC components as product add- 
ons. The Exchange functions let you create, manage, and \ 
delete Exchange users and folders using Final scripts. The ' 
ODBC functions provide database connectivity. 

Not a scripting language; an enabling technology that lets 1 
systems administrators create administration tools using a 
variety of technologies: Visual Basic, VBA, VBScript, C, C++, 
Java. 

Language-independent script environment for 32-bit Windows * 
platforms; provides enhanced logon and administrative 
scripting capabilities. 

ActiveX scripting component; runs under the Windows 1 
Scripting Host. 

ActiveX scripting component; runs under the Windows I 
Scripting Host. 

Freeware logon script processor and enhanced batch 


Server resource kit); developed by version 3.36 available. 
RuudVan Velsen of Microsoft Benelux 
Tcl/Tk, (Tel 7.6 and Tk 4.2) 


WinBatch 97 32l-97b 


Tool Command Language/Tool Kit (pronounced ti 
advantage over Perl for Win32 is GUI support; current support | 
for Win32 not as extensive as Perl; Christopher Sedore's NT J 
Extensions to TCL also available (http://zazu.maxwell.syr. 
edu/nt-tcl/index.html). 

Enhanced batch language capabilities with support for GUI 
components, keystroke automation, DDE, and Registry. 







LISTING 3 (continued)

// Prompt user for Registry value.
Value := EditLine("Get Registry Value", "Enter the Registry Value:", Value);

// Open output file and write header information to output file.
fHandle := FileOpen("getregval.txt", "wt");
FileWriteLine(fHandle,
  "Get Registry Value - "+DateToString(GetPCDate(),0)+
  "\n-\n\n"+
  "Key:\t"+Key+"\n"+
  "Value:\t"+Value+"\n\n");

// If the user-selected data type is binary, execute this block.
// The for loop loops through the list of servers. Through each
// iteration, fetch the value and write it to the output file.
if DataType = 1 then
Begin
  for i := 1 to NumItemsInList(Servers) do
  Begin
    buffer := Servers[i]+":\t"+
      NTRegGetKeyValueBinary(Servers[i],Hive,Key,Value)+"\n";
    FileWriteLine(fHandle, buffer);
    buffer := "";
  End;
End;

// If the user-selected data type is dword, execute this block.
if DataType = 2 then
Begin
  for i := 1 to NumItemsInList(Servers) do
  Begin
    buffer := Servers[i]+":\t"+
      ToString(NTRegGetKeyValueWord(Servers[i],Hive,Key,Value))+"\n";
    FileWriteLine(fHandle, buffer);
    buffer := "";
  End;
End;

// If the user-selected data type is a string type, execute
// this block.
if ((DataType=4) or (DataType=8)) then
Begin
  for i := 1 to NumItemsInList(Servers) do
  Begin
    buffer := Servers[i]+":\t"+
      NTRegGetKeyValueString(Servers[i],Hive,Key,Value)+"\n";
    FileWriteLine(fHandle, buffer);
    buffer := "";
  End;
End;

FileClose(fHandle);

MessageBox("Get Registry Value", "Script Completed Successfully", 0,1,1);

Exit(0);

End.



offload to a script some of the day-to-day 
tasks listed in Figure 1. 

To obtain demonstration copies of the scripting tools mentioned in the
sidebar “Scripting Languages for NT” browse the companies’ Web sites.
Most sites include example programs to get you up to speed quickly.
FastLane’s Final includes an example script for each of the NT
functions it supports.

Scripting will continue to evolve. You must look no further than
Microsoft’s recent scripting initiatives to see that scripts can play
an important role in enterprise systems management. So try your hand
at automating your work with scripts - you might surprise yourself!


You can download the listings in this article from the magazine’s Web
site, http://www.winntmag.com.

Active Directory

Will it fix NT's deadly sins?

Of all Windows NT 5.0’s anticipated features, the most important is
probably the Active Directory. It will change how NT handles user
accounts, domains, trust relationships, browsing and security, to name
a few items. Basically, if you’re currently an NT expert, Active
Directory will change that status.

Active Directory is requiring Microsoft to throw away 
tens of thousands of lines of code and write perhaps a few 
hundred thousand or million in its place. What benefits 
does Microsoft hope to see from all that work? As I see 
it, Active Directory will fix several shortcomings - the 
Deadly Sins of NT. Over the next few months, I’ll 
describe NT’s deadly sins and explain how Active 
Directory corrects them. 

Sin of SAM 

The first deadly sin is NT’s fixed user database structure. Currently,
NT stores user information in the Security Accounts Manager (SAM), a
file in \winnt\system32\config. (SAM has no extension such as .exe or
.dll.) SAM is a database that stores a user’s name, password, full
name, description, the groups that the user is a member of, what hours
the user can log on, what machines the user can log on from, where the
user’s profile lives, which logon batch script to run when the user
logs on, what the user’s home directory is, when the account expires
and what rights the user has. SAM also contains information about each
machine that is a member of the domain and any trust relationships to
other domains, but let’s just consider the user information.

This database is an encrypted flat file with a fixed set of a dozen or
so fields. But what if you want to add a field to each user’s record
so that you can fill in a contact phone number for each user? Or
suppose you want to add a bitmap with a user’s picture. Can you get
SAM to do that?

Of course not. SAM has a fixed format. You can extend the User Manager
for Domains with more information tabs, as Microsoft did with
Exchange, but I know of no way to add fields to SAM. In contrast, you
can modify the new Active Directory to include just about any
information. And modifying the Active Directory structure doesn’t
require assembly language, C++, or the like. All examples that I’ve
seen of modifying the Active Directory were written in Visual Basic
(VB) or VBScript. These VB programs are not trivial, but they’re not
impenetrable either.

To write an Active Directory-modifying program, you invoke several
function calls in the Active Directory Service Interfaces (ADSI). VB
is the glue that holds a bunch of ADSI calls together, in much the
same way that Microsoft uses VBScript to customise folders in Internet
Explorer (IE) 4.0. The VB is not what’s important; the system calls
are. Finding documentation with clear examples for the IE 4.0 system
calls has been very difficult. I hope finding information on ADSI
calls is easier.

The Domain Controller Sin 

The second deadly sin is how NT currently relies on Primary Domain
Controllers (PDCs) and Backup Domain Controllers (BDCs). An NT domain
is a bunch of machines sharing a SAM. Rather than making you sit down
at every NT server and every NT workstation and type in the name,
password, description, and so on of every user of those machines, NT
lets you nominate one machine, the PDC, to be the keeper of a central
SAM. The other machines then treat information in that central
machine’s SAM as if it exists in their SAM.

Clearly, having all the network’s user accounts on one machine is
good, but the down-side is that this arrangement creates a single
point of failure. Microsoft has lessened this potential problem with
BDCs, NT servers that hold backup copies of the SAM. BDCs can perform
logon services just as PDCs do, allowing load balancing in busy
networks.

But BDCs are limited in what they can do to back up PDCs. If the PDC
in a domain crashes, you might think that the BDCs would promote one
of their own to PDC, but that doesn’t happen. Imagine a company with a
central office where the PDC lives and four distant branch offices,
each with a BDC. The firm’s WAN connects the central office and the
PDC to the branches and BDCs. Suppose the WAN goes down. The BDC in
each branch office now thinks that the PDC is down and cannot
communicate with any BDCs. If BDCs automatically promoted themselves,
you’d end up with five PDCs in this network. When you restored the WAN
links, you’d have chaos.

Instead, the BDCs remain BDCs. They can still do logons, so each
office can continue to operate without a problem. Logons don’t require
changing the SAM, just reading it. But suppose an administrator needs
to change someone’s password or group membership? When you start up
the User Manager for Domains, you’ll see a message to the effect that
the PDC for this domain could not be found; you may not be able to do
certain domain-wide operations such as changing a password or a group
membership. If User Manager for Domains can’t contact the PDC, you
can’t make any user changes. The only way a BDC becomes a PDC is if an
administrator uses Server Manager to promote the machine to PDC. And
if you want to change a machine from member server to domain
controller, you must reinstall NT from scratch.

Active Directory will change that situation. You won’t have PDCs or
BDCs; you’ll have only domain controllers. And designating a machine
as a domain controller will be as simple as starting a service. When
you start up a user administration tool - Microsoft will replace User
Manager with a browser-driven tool called DSWeb or, optionally, a
component in Microsoft Management Console (MMC) - your computer will
locate the nearest domain controller and use the Active Directory
information on that computer. DSWeb or MMC will save any changes you
make to that nearby domain controller’s Active Directory database.

The other domain controllers will find out about those changes through
a system called multimaster replication. NT 5.0 domain controllers in
an enterprise will know about each other, and they’ll propagate any
Active Directory changes so that all domain controllers are up to
date. Even better, a notion called sites will let domain controllers
know how expensive it is to communicate with one another. (Exchange
and SMS users will recognise this concept.) The idea is that some
domain controllers are on the same high-speed LAN, a network that’s
fast enough that they can chatter back and forth a fair amount without
compromising the network. This group of domain controllers that share
fast, relatively clear data pathways is a site. Within a site, Active
Directory changes to one domain controller are replicated to its
site-mates fairly quickly. Communicating with other sites, however,
entails some cost if the transport path to the other site is slower or
congested. An NT 5.0 administrator can adjust those costs to optimise
site-to-site communication.

Suppose an administrator in Sydney modifies Joe’s password at 8 a.m.,
and an administrator in Brisbane modifies Joe’s password at 8 p.m. the
same day. Due to slow WAN links, the Auckland office hears both
updates to Joe’s password at the same time. Which one should it keep:
the original password, the Sydney password, or the Brisbane password?
Each piece of data in the Active Directory has a serial number on it,
sort of a time and date stamp. If Sydney updates the password and
Brisbane changes the user’s group memberships, you don’t have a
conflict. Joe’s entire record is not replicated, just the fields that
change.
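
The per-field stamping described above can be modelled in a few lines of C. This is an added example, not Active Directory code: the type and function names are hypothetical, the update values are constructed, and the rule that the larger stamp wins for the same field is an assumption the article does not spell out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { ATTR_PASSWORD, ATTR_GROUPS, ATTR_COUNT };

/* One replicated field: its value plus the stamp of the write that set it. */
typedef struct {
    char          value[32];
    unsigned long stamp;
} attribute;

typedef struct { attribute attr[ATTR_COUNT]; } user_record;

/* A replication message carries one changed field, not the whole record. */
typedef struct { int which; attribute change; } update;

/* Apply one update. Returns 1 if the local field changed, 0 if the update
 * was malformed or no newer than what is already stored.
 * Assumption: for the same field, the larger stamp wins. */
int apply_update(user_record *rec, const update *u)
{
    attribute *local;
    if (u->which < 0 || u->which >= ATTR_COUNT)
        return 0;
    local = &rec->attr[u->which];
    if (u->change.stamp <= local->stamp)
        return 0;
    *local = u->change;
    return 1;
}

/* Apply a batch in arrival order; returns how many updates took effect. */
size_t apply_batch(user_record *rec, const update *batch, size_t n)
{
    size_t applied = 0;
    for (size_t i = 0; i < n; i++)
        applied += (size_t)apply_update(rec, &batch[i]);
    return applied;
}

/* Constructed updates: stamps stand for 8 a.m., noon and 8 p.m. the same day. */
static const update SYDNEY_PW   = { ATTR_PASSWORD, { "pw-set-in-sydney",   800 } };
static const update BRISBANE_PW = { ATTR_PASSWORD, { "pw-set-in-brisbane", 2000 } };
static const update BRISBANE_GP = { ATTR_GROUPS,   { "Sales;Managers",     1200 } };

int main(void)
{
    user_record auckland;
    update arrivals[3];

    /* Auckland hears the later password change first, then the earlier one. */
    arrivals[0] = BRISBANE_PW;
    arrivals[1] = SYDNEY_PW;
    arrivals[2] = BRISBANE_GP;
    memset(&auckland, 0, sizeof auckland);

    printf("%zu of 3 updates applied\n", apply_batch(&auckland, arrivals, 3));
    printf("password field: %s\n", auckland.attr[ATTR_PASSWORD].value);
    printf("groups field:   %s\n", auckland.attr[ATTR_GROUPS].value);
    return 0;
}
```

Whatever order the three updates arrive in, every replica ends with the same two field values, which is the property multimaster replication needs.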

And More Sin 

Next month, I’ll examine the next Deadly Sin, where NT makes it
difficult for third-party applications to exploit the information in
the user list. The answer to that sin lies in Active Directory’s
strategic use of the Lightweight Directory Access Protocol (LDAP)
standard. (For more on LDAP and Active Directory, see Craig Zacker,
“LDAP and the Future of Directory Services, Part 2,” page 70.)

Inside NT's Interrupt Handling

NT’s interrupt management affects realtime system applicability

One of Windows NT’s primary responsibilities is interfacing a computer
to its peripheral devices. Like most modern operating systems, NT can
dynamically integrate device driver programs to manage devices. Device
drivers typically use interrupt signals to communicate with the
devices they control. When a device has completed a driver-directed
operation or when the device has new data for the driver, the device
generates an interrupt signal. Depending on the state of the CPU,
either a function within the driver immediately services the device’s
interrupt, or the CPU queues the interrupt for later servicing.

NT implements interrupt processing differently from many other
operating systems, so how NT and NT device drivers process interrupts
and how that processing affects other operations can be confusing. For
example, systems programmers often ask me how interrupts affect thread
scheduling - a natural question because the CPU can receive interrupt
signals almost anytime, even while user programs perform ordinary
processing. A common misconception is that NT won’t service
low-priority interrupt signals while high-priority threads are
executing time-critical tasks.

The way NT handles interrupt processing affects NT’s viability as an
operating system for realtime (time-critical) environments (e.g.,
aircraft guidance systems). NT’s rich development environment, user
interface, and thread priority scheme make NT attractive to designers
of realtime systems. However, realtime environments require the
ability to predict how fast an operating system will react to
interrupts; thus, the way NT implements interrupt handling affects how
suitable it is for realtime applications.

In this column, I’ll first provide background information about
interrupts and describe NT’s Interrupt Request Level (IRQL)
architecture. Next, I’ll present how device drivers register to
receive notification of interrupts that their devices generate and
what device drivers typically do upon notification. Finally, I’ll
describe the effect of interrupt processing on the NT scheduler and
comment on how NT’s interrupt processing affects its applicability for
realtime systems.

Devices and Interrupts 

All the major hardware architectures that NT runs on have
interrupt-controller hardware to translate device interrupts into
signal levels that feed into the CPU. The interrupt controller defines
the interrupt priority scheme: when a device triggers an interrupt of
a given priority, the controller masks (or withholds) from the CPU all
interrupts of priority less than or equal to the device interrupt’s
priority. Until the CPU signals to the interrupt controller that it
has finished servicing an interrupt, the interrupt controller pends
(or puts on hold) lower priority interrupts but lets higher priority
interrupts occur. When the interrupt level on the controller drops
below an interrupt’s priority, the controller lets the interrupt
proceed to the CPU.

Device controllers connected to modern CPU buses (such as the popular
PCI bus) dynamically determine which interrupts their device will use.
When a device needs to inform its driver of an event (such as the
availability of new data), it generates an interrupt that the device
driver will recognise and acknowledge. The device driver registers an
interrupt service routine (ISR) with the operating system, and the
operating system executes the ISR in response to the interrupt. The
ISR’s job is to read status information from the device, acknowledge
the interrupt, and stop the device from signaling the interrupt.

Table 1: IRQL Symbolic and Numeric Definitions

Symbolic Name   Purpose                               Intel Level  Alpha Level
High Level      Highest interrupt level               31           7
Power Level     Power event                           30           7
IPI Level       Interprocessor signal                 29           6
Clock Level     Clock tick                            28           5
Profile Level   Performance monitoring                27           3
Device Level    General device interrupts             3-26         3-4
Dispatch Level  Scheduler operations and deferred     2            2
                procedure calls (DPCs)
APC Level       Asynchronous procedure calls (APCs)   1            1
Passive Level   No interrupts                         0            0

Table 2: Situations Initiating DPC Queue Draining

DPC Priority: Low
  DPC Targeted at ISR’s Processor: DPC queue length exceeds maximum
    DPC queue length, DPC request rate is less than minimum DPC
    request rate, or system is idle
  DPC Targeted at Another Processor: DPC queue length exceeds maximum
    DPC queue length or system is idle

DPC Priority: Medium
  DPC Targeted at ISR’s Processor: Always
  DPC Targeted at Another Processor: DPC queue length exceeds maximum
    DPC queue length or system is idle

DPC Priority: High
  DPC Targeted at ISR’s Processor: Always
  DPC Targeted at Another Processor: Always

Interrupt Request Levels

NT manages interrupts by mapping interrupt-controller interrupt levels
onto its hardware-independent table of interrupt levels. The hardware
abstraction layer (HAL - the NT module custom-written for individual
interrupt controllers, motherboards, or processor chip-sets) performs
the mapping. In a multiprocessor system, any processor can receive
interrupts, so NT maintains an independent IRQL for each processor. A
processor’s IRQL represents the level of interrupt that the CPU is
currently masking and directly corresponds to interrupts that the
CPU’s interrupt controller masks. Because NT’s IRQLs are not tied to
any hardware specification, NT can also map non-hardware interrupt
types into its priority hierarchy. The operating system uses software
interrupts primarily to initiate scheduling operations, such as thread
switching, or I/O completion processing.

When NT services a hardware interrupt, NT sets the processor’s IRQL to
the corresponding mapped value in NT’s IRQL table. NT programs the
interrupt controller to mask out lower priority interrupts, and device
drivers (as well as NT) can query the IRQL to determine its value. (NT
permits some operations only when the IRQL is less than certain
values, as we’ll see later.)

The size of NT’s IRQL table varies among processor architectures
(Intel, Alpha, etc.) to better map the interrupt levels that standard
interrupt controllers provide, but interrupt levels that device-driver
designers and NT’s developers might find interesting have symbolic
names. Table 1 summarises the symbolic IRQL names and their
corresponding numeric values on Intel and Alpha architectures.

In Table 1, the lowest IRQL priority is Passive Level. When a
processor is at this state, no interrupt processing activity is
occurring. When code in user applications such as Word and Netscape is
executing, the processor is at Passive Level. NT’s goal is to return
from higher IRQLs to Passive Level as quickly as possible so that NT
can service new interrupts immediately and programs can get their work
done.

The next two IRQLs above Passive Level (APC Level and Dispatch Level)
are scheduler-related software interrupt levels. When the system is at
APC Level, the executing thread will not receive asynchronous
procedure call (APC) requests, which NT commonly uses for I/O cleanup
operations. When the system decides that a scheduling decision needs
to take place (e.g., when a thread’s turn on the CPU ends), it issues
a Dispatch Level software interrupt. (I’ll describe the role of
Dispatch Level software interrupts later in the article.)

All IRQLs higher than Dispatch Level relate to hardware interrupts. A
system’s peripheral devices (e.g., disk drives, keyboards, serial
ports) have hardware interrupts mapped to IRQLs in the Device Level
range. You can see in Table 1 that on Intel processors, the range is 3
through 26, and on Alpha machines, the range is 3 through 4. The fact
that such a difference exists between the two ranges implies that NT
does not really prioritise general device interrupts. Even on Intel
processors, where hardware interrupts might have different IRQL
values, the assignments are arbitrary.

The IRQLs above Device Level have predefined associations with certain
interrupts. Profile Level relates to the kernel profiling timer, Clock
Level relates to the system clock tick, IPI Level relates to signals
sent from one CPU to another, and Power Level relates to power failure
events. NT reserves but does not currently use High Level.

Interrupt Objects 

Device drivers need a way to tell NT that they want specific functions
executed when the processor receives interrupts associated with their
devices. To satisfy this need, device drivers register an ISR with the
I/O Manager by calling the IoConnectInterrupt subroutine. The
parameters passed to IoConnectInterrupt describe all the attributes of
the driver’s ISR, including its address, the interrupt the ISR
connects to, and whether other devices can share the same interrupt.

IoConnectInterrupt initialises an Interrupt Object to store
information about the interrupt and its connected ISR.
IoConnectInterrupt also programs the processor’s interrupt hardware to
point at code that IoConnectInterrupt places in the Interrupt Object.
Thus, when the CPU receives the interrupt, control immediately
transfers to the code in the Interrupt Object. This code calls NT’s
interrupt servicing helper function, KiInterruptDispatch, which raises
the processor’s IRQL, calls the appropriate ISR, and lowers the IRQL
to its previous value. KiInterruptDispatch also obtains a spinlock
specific to the interrupt and holds it while the ISR is running. A
spinlock is a synchronisation primitive commonly used in the NT
kernel. The spinlock ensures that the ISR won’t execute simultaneously
on more than one processor (something that might cause device-driver
writers some grief).

In NT, an ISR usually does nothing more than read a minimal amount of
information from the interrupting device and acknowledge to the device
that the driver has seen the interrupt. In other operating systems,
ISRs often perform additional duties, such as fully processing an
interrupt by reading large data buffers from or writing large data
buffers to a device. However, one of NT’s goals is to minimise time
spent at high IRQLs, so NT postpones most interrupt servicing until
the IRQL decreases. ISRs request a deferred procedure call (DPC) to
inform the I/O Manager that they have work to do at a lower IRQL. A
DPC is another function in the driver that the I/O Manager will call
after the ISR finishes; the DPC performs most of the interaction with
the driver’s device.

Figure 1 depicts the typical flow of NT interrupt servicing. A device
controller generates an interrupt signal on the processor bus that a
processor interrupt controller handles. The signal causes the CPU to
execute the code in the Interrupt Object registered for the interrupt;
the code in turn calls the KiInterruptDispatch helper function.
KiInterruptDispatch calls the driver’s ISR, which requests a DPC.

NT also has a mechanism to handle interrupts not registered by device
drivers. During system initialisation, NT programs the interrupt
controller to point at the controller’s default ISRs. Default ISRs
execute special processing when the system generates expected
interrupts. For example, a page fault ISR must execute logic for
situations in which programs reference virtual memory that does not
have allocated space in the computer’s physical memory. These
situations might occur when programs interact with a file system to
fetch data from a paging file or program image, or when programs
reference an invalid address. NT programs unregistered interrupts to
point at ISRs that recognise the system has generated an illegal
interrupt. Most of these ISRs pop up a blue screen of death to inform
a systems administrator that an illegal interrupt happened.

Figure 1: Typical Flow of Interrupt Servicing

Deferred Procedure Calls 

DPCs are the workhorses of NT’s interrupt processing. NT tracks DPCs
the same way it tracks interrupts - in objects. Device drivers usually
initialise a DPC Object at the same time they connect to an interrupt.
The information a driver must specify includes the address of its DPC
function, the processor the DPC function needs to execute on, and the
DPC’s priority. By default, a DPC will always execute on the processor
the ISR executes on; however, a device driver writer can override this
assignment. In addition, DPCs default to medium priority (the choices
are low, medium, and high), but a device driver writer can also
control priority.

When an ISR requests a DPC, NT places the specified DPC Object on the
target processor’s DPC queue. If the DPC has low or medium priority,
NT places the DPC Object at the end of the queue; if the DPC has high
priority, NT inserts the DPC Object at the front of the queue. When
the processor’s IRQL is about to drop from Dispatch Level to a lower
IRQL (APC Level or Passive Level), NT removes the DPC Objects from the
DPC queue. NT ensures that the IRQL remains at Dispatch Level and
pulls DPC Objects off the queue until the queue is empty (i.e., NT
drains the queue), calling each DPC function in turn. Only when the
queue is empty will NT let the IRQL drop below Dispatch Level and let
regular thread execution continue.

DPC priorities can affect system behaviour another way. NT usually
initiates DPC queue draining with a software interrupt whose
associated IRQL is Dispatch Level. NT generates such an interrupt only
if the DPC is directed at the processor the ISR is requested on, and
the DPC has high or medium priority. If the DPC has low priority, the
DPC requests the interrupt only if the number of outstanding DPC
requests for the processor rises above a threshold, or the number of
DPCs requested on the processor within a time window is low. If a DPC
is targeted at a CPU different from the one the ISR is running on and
the DPC’s priority is high, NT immediately signals the target CPU to
drain its DPC queue. If the priority is medium or low, the number of
DPCs queued on the target processor must exceed a threshold. The
system idle thread also drains the DPC queue. Table 2 summarises the
situations initiating DPC queue draining.

Figure 2 shows a typical sequence of events. First, an ISR requests a
DPC, and NT places the DPC Object on the DPC queue of the target
processor. Depending on the DPC priority and the length of the DPC
queue, NT generates a DPC software interrupt then or at some later
time. When the processor drains the DPC queue, the DPC Object leaves
the queue and control transfers to its DPC function, which completes
interrupt processing by reading data from (or writing data to) the
device that originated the interrupt.
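
The queueing and draining rules in this section and in Table 2 can be exercised with a small user-mode model in C. This is an added example, not NT kernel code: every type and function name is hypothetical, the two thresholds are assumed tunables, and the scenario in demo() is constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Software IRQLs from Table 1 (same values on Intel and Alpha). */
enum { PASSIVE_LEVEL = 0, APC_LEVEL = 1, DISPATCH_LEVEL = 2 };

typedef enum { DPC_LOW, DPC_MEDIUM, DPC_HIGH } dpc_priority;

#define MAX_DPCS 16
typedef struct { int id; dpc_priority prio; } dpc_object;

/* Per-processor state; the two thresholds are hypothetical tunables. */
typedef struct {
    dpc_object queue[MAX_DPCS];
    size_t     len;
    int        irql;
    size_t     max_queue_len;    /* "maximum DPC queue length" */
    unsigned   request_rate;     /* DPCs requested in the current window */
    unsigned   min_request_rate; /* "minimum DPC request rate" */
    bool       idle;
    int        ran[MAX_DPCS];    /* ids in the order their DPCs executed */
    size_t     ran_len;
} cpu_state;

/* High priority goes to the front of the queue, low and medium to the end. */
bool dpc_insert(cpu_state *cpu, dpc_object dpc)
{
    if (cpu->len == MAX_DPCS)
        return false;
    if (dpc.prio == DPC_HIGH) {
        memmove(&cpu->queue[1], &cpu->queue[0], cpu->len * sizeof dpc);
        cpu->queue[0] = dpc;
    } else {
        cpu->queue[cpu->len] = dpc;
    }
    cpu->len++;
    cpu->request_rate++;
    return true;
}

/* Table 2: does queuing this DPC start a drain of the target's queue? */
bool drain_requested(const cpu_state *target, dpc_priority prio, bool same_cpu)
{
    if (prio == DPC_HIGH)
        return true;                        /* "Always" in both columns */
    if (same_cpu && prio == DPC_MEDIUM)
        return true;
    if (same_cpu && target->request_rate < target->min_request_rate)
        return true;                        /* low priority, ISR's processor */
    return target->len > target->max_queue_len || target->idle;
}

/* Run every queued DPC at Dispatch Level; returns how many ran. */
size_t dpc_drain(cpu_state *cpu)
{
    size_t count = 0;
    cpu->irql = DISPATCH_LEVEL;
    while (cpu->len > 0) {
        dpc_object next = cpu->queue[0];
        cpu->len--;
        memmove(&cpu->queue[0], &cpu->queue[1], cpu->len * sizeof next);
        if (cpu->ran_len < MAX_DPCS)
            cpu->ran[cpu->ran_len++] = next.id; /* stands in for the DPC call */
        count++;
    }
    return count;
}

/* The IRQL drops below Dispatch Level only once the queue is empty. */
size_t lower_irql(cpu_state *cpu, int new_irql)
{
    size_t drained = 0;
    if (cpu->irql >= DISPATCH_LEVEL && new_irql < DISPATCH_LEVEL)
        drained = dpc_drain(cpu);
    cpu->irql = new_irql;
    return drained;
}

/* Constructed scenario: an ISR queues low, medium, then high priority DPCs. */
size_t demo(cpu_state *cpu)
{
    memset(cpu, 0, sizeof *cpu);
    cpu->irql = 12;          /* an arbitrary Device Level value (3-26 on Intel) */
    cpu->max_queue_len = 4;
    dpc_insert(cpu, (dpc_object){ 1, DPC_LOW });
    dpc_insert(cpu, (dpc_object){ 2, DPC_MEDIUM });
    dpc_insert(cpu, (dpc_object){ 3, DPC_HIGH });
    return lower_irql(cpu, PASSIVE_LEVEL);
}

int main(void)
{
    cpu_state cpu;
    size_t n = demo(&cpu);
    printf("%zu DPCs ran, first id %d, IRQL now %d\n", n, cpu.ran[0], cpu.irql);
    return 0;
}
```

The high priority DPC runs first although it was queued last, and no thread-level code runs until all three DPC functions have returned.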

Interrupts and Scheduling 

The IRQL information in Table 1 shows that Dispatch Level is
associated with scheduling operations. When the IRQL is at Dispatch
Level or higher, NT masks scheduler software interrupts, which means
that NT effectively turns off the scheduler. In fact, device drivers
(and NT) must not perform operations that require an immediate
response by the scheduler when a processor is at an IRQL greater than
or equal to Dispatch Level. This restriction includes doing anything
that might indicate to NT that the current thread is giving up the CPU
to wait for some event to occur because that action would cause the
scheduler to find a new thread to execute. Another action that demands
scheduler intervention is a page fault. When a thread accesses virtual
memory that references data in the paging file, NT usually blocks the
thread until the data is read. Therefore, at Dispatch Level or higher,
NT does not permit access to memory not locked into the CPU’s physical
memory. If you’ve seen the IRQL_NOT_LESS_OR_EQUAL blue screen stop
code, you’ve probably witnessed the effect of a driver violating these
rules.

Disabling the scheduler during interrupt processing has another,
less-obvious effect: NT counts the time taken by ISRs and DPC
functions against the quantum of the thread active at the time the CPU
receives an interrupt. For instance, suppose Word is executing a
spell-check operation, an interrupt comes in from a device, and the
device’s driver has a DPC that takes all the remaining time in Word’s
quantum (and then some). When the CPU’s IRQL drops below Dispatch
Level, the scheduler may decide to switch to a different thread in
another application, effectively penalising Word for the interrupt
processing. Although this practice sounds unjust, most of the time NT
distributes interrupt loads evenly across the applications in a
system.


NT as a Realtime Operating System

Deadline requirements, either hard or soft, characterise realtime
environments. Hard realtime systems (e.g., a nuclear power plant
control system) have deadlines that the system must meet to avoid
catastrophic failures such as loss of equipment or life. Soft realtime
systems (e.g., a car’s fuel-economy optimisation system) have
deadlines that the system can miss, but have timeliness as a desirable
trait. In realtime systems, computers have sensor input devices and
control output devices. The designer of a realtime computer system
must know worst-case delays between the
time an input device generates an interrupt

control the output device to respond. This worst-case analysis must
take into account the delays the operating system introduces, as well
as the delays the application and device drivers impose.

Because NT does not prioritise device interrupts in any controllable
way and user-level applications execute only when a processor’s IRQL
is Passive Level, NT is not always suitable as a realtime operating
system. The system’s devices and device drivers - not NT - ultimately
determine the worst-case delay (the time from when an input device
interrupts through when a realtime application processes the input and
controls the output device). This factor becomes a problem when the
designer of the realtime system uses off-the-shelf hardware. The
designer can have difficulty determining how long every off-the-shelf
device’s ISR or DPC might take in the worst case. Even after testing,
the designer cannot guarantee that a special case in a live system will
not cause the system to miss an important deadline. Furthermore, the
sum of all the delays a system’s DPCs and ISRs can introduce usually
far exceeds the tolerance of a time-sensitive environment.

Interrupt Management 

Learning how NT manages interrupts can help clear up confusion about
how NT’s interrupt processing affects thread scheduling and other
operations: thread priorities are essentially independent of interrupt
priority levels. If you are a systems programmer, information about
NT’s interrupt management can help you understand how ISRs and DPCs
fit into application processing. Finally, if you are considering NT as
an operating system for a realtime environment, you can judge NT’s
suitability for your situation.
















NET Commands 



Automate and simplify network and administrative tasks

The NET commands in Windows NT are a set of networking and
administrative commands that are useful to the administrator and of
interest to the beginner investigating how NT works. With an
understanding of the NET commands, you can simplify NT systems
maintenance, especially when you use them in batch files. In this
article, I’ll show some of the more useful NET commands and suggest
uses for them.

What Are the NET Commands? 

You run the NET commands from a command prompt or from within a batch
file, and they perform network and administrative tasks. Typical tasks
include establishing network connections, adding users and computers
to a domain, as well as starting and stopping network services.

One of the first uses that most people find for the NET command is
during an over-the-network installation of NT or some other software.
Typically, you connect to the server using the DOS client software and
establish a connection to the server. Then you use the NET USE command
to map a network drive that contains the source files for your new
operating system. If you’ve created a share called i386 that has the
source code, the syntax is

net use M: \\server\i386

to map the shared i386 directory on the server to the M: drive on the
local computer. The next step is to switch to the M: drive and then
run the install or setup program.



Where Can I Find a List of NET 
Commands? 

The first place to look for a list of NET commands is the 
command prompt from which you will run them. Type 

net /?

to show the list of commands in Screen 1, page 155. To 
get more detailed help for a specific command, type 

net help <command> 

For example, to learn the correct syntax for the NET 
COMPUTER command, type 

net help computer 

A second place to look for a list of these commands is Windows NT
Help - not Books Online, just the ordinary Help option on the Start
menu. Choose the Find tab in the Help dialogue box, and search on
“net.” Display the topic Commands Index for a listing similar to
Screen 2, page 155. Be sure to search on net in lowercase, because you
will see a different set of topics if you search on “Net.”

Network Connections 

As I mentioned earlier, you map a network drive with the NET USE
command. You can put such a command into a logon script, ensuring that
all users connect to the server with the same drive letter - something
many network applications require. On its own, NET USE will list your
existing connections. Follow the command with /del or /delete to drop
the connection or /persistent:yes to ensure that the connection is
rebuilt when you log on again.

■ Screen 1: Displaying NET commands Help from the Command Prompt

■ Screen 2: Viewing the NET Commands Index in Windows NT Help

■ Screen 3: Listing the Engineering group

You can do the same thing with printers when you have DOS or Windows
3.1 programs that do not recognise network printers. The syntax is
similar, except that this time, you use

net use lpt2: \\server1\HPU5

to map the network printer to a printer port that the DOS program
understands. Now your DOS program can send its output to LPT2 and not
even realise that it is talking to a network printer.

User and Group Accounts 

You can add users and groups to a domain 
using NET commands. The NET USER 
command adds usernames, passwords, and 
other settings to the accounts database. The 
NET GROUP command adds global 
groups, and NET LOCALGROUP adds 
local groups. 

You can even add users to the groups you create and obtain lists of
group memberships. In fact, you can use this feature to move users
from one domain to another. (If you’ve worked with NT, you know that
to migrate users from one domain to another, there is no easy way
short of deleting thousands of users from one domain and entering them
again in another domain.) NET USER lets you add users and, when you
use it with no parameters, provides a list of users. The same rule
applies to NET LOCALGROUP and NET GROUP. Suppose that you want to move
everyone in the Engineering global group to another domain. The
procedure is
1. Run the NET GROUP Engineering command to get a list of users, as
Screen 3 shows.

2. Redirect this listing to a text file.

net group engineering >eng.txt

3. Using your favourite word processor, reformat the information to a
batch file that contains the NET USER commands to add these users to
the new domain. The batch file needs to contain one line per user and
looks like:

net user <name> [password] /add /domain

4. Reformat the batch file to also contain the NET GROUP command to
add the users to the Engineering group. This batch file needs to
contain a line

net group engineering /add <name>

for each user, but you can put multiple names on one line if you want.



5. Run the batch files on the new domain. Run the NET GROUP and NET
LOCALGROUP commands on any other global and local groups to obtain a
list of members, again redirecting the output to a text file. Convert
these text files to batch files that will add the appropriate groups,
and place the newly added users into them. Don’t worry about usernames
that are not part of Engineering. The new domain will not recognise
them and will ignore them.

Finally, run the original batch file that added the Engineering users
to the new domain. But this time, run it on the original domain and
change the /add switch to /del. This command will remove the users
from the original domain. If you want, you can remove any groups that
you no longer need.

This approach has a few potential pitfalls. For example, you will
encounter an error if you are trying to add a user with a name that
already exists on the domain. If you do not spot the error, you might
add the wrong user to a group. However, this approach works just fine
if your original domain has outgrown the estimated number of users.
You simply add a new domain and populate it with users from the
original domain. Because the new domain is empty, you won’t encounter
conflicts when moving usernames.



















Security is another issue. The new accounts will not have passwords
unless you assign them in the batch file. And although the added users
should have passwords that adhere to the minimum password-length
policy, I was able to add user accounts with blank passwords and log
on using these accounts with no restrictions. Even when I specified in
the NET USE command that a password was required, I was still able to
log on to a new account with no password, and I wasn’t prompted to
change the password. In fact, the one option I could not find was to
force the user to change the password at the next logon, which is the
default when you add a user through the User Manager interface.
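
The migration procedure and the blank-password caveat above, as an added Python example that is not part of the original article: it parses a redirected NET GROUP listing, skips names that already exist in the target domain, and emits batch lines that give every new account a random non-blank password. The 25-character column width, the sample listing, and the function names are assumptions made for this example.

```python
import secrets
import string

COL = 25  # assumed width of each name column in a NET GROUP / NET USER listing


def _listing(header, rows):
    """Build a constructed listing in the assumed three-column layout."""
    body = ["".join(n.ljust(COL) for n in row).rstrip() for row in rows]
    return "\n".join(header + ["-" * 79] + body +
                     ["The command completed successfully.", ""])


# Constructed sample of eng.txt (net group engineering >eng.txt), not real output.
ENG_TXT = _listing(["Group name     Engineering", "Comment", "", "Members", ""],
                   [["alice", "bob", "carol smith"], ["dave"]])


def parse_names(listing):
    """Return the account names between the dashed rule and the status line."""
    names, in_table = [], False
    for line in listing.splitlines():
        if line and set(line) == {"-"}:
            in_table = True
        elif in_table and line.startswith("The command completed"):
            break
        elif in_table:
            # Slice fixed-width columns so names containing spaces stay intact.
            names += [line[i:i + COL].strip() for i in range(0, len(line), COL)]
    return [n for n in names if n]


# Letters and digits only: nothing cmd.exe would interpret (%, ^, &, |, <, >).
ALPHABET = string.ascii_letters + string.digits


def build_batch(members, existing, group, pw_len=12):
    """Return (batch_lines, collisions) for creating members in the new domain.

    existing is the list of names already present in the target domain, for
    example parsed from a NET USER listing taken there. pw_len should be at
    least the target domain's minimum password length.
    """
    taken = {n.lower() for n in existing}   # account names are case-insensitive
    lines, collisions = ["@echo off"], []
    for name in members:
        if name.lower() in taken:
            collisions.append(name)         # resolve by hand; never add to the group
            continue
        password = "".join(secrets.choice(ALPHABET) for _ in range(pw_len))
        # Same command forms as steps 3 and 4 of the article, with quoted names.
        lines.append(f'net user "{name}" {password} /add /domain')
        lines.append(f'net group {group} /add "{name}"')
    return lines, collisions


if __name__ == "__main__":
    batch, clashes = build_batch(parse_names(ENG_TXT), ["BOB"], "engineering")
    print("\n".join(batch))
    print("rem skipped, already present in target domain:", ", ".join(clashes))
```

The generated batch file holds cleartext initial passwords, so keep it off shared drives and delete it once the accounts exist.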

Security Policy Settings 

Now that you have added all those users, NET ACCOUNTS will let you
modify the password and logon requirements for all the accounts in
your accounts database, changing settings for minimum password length
and password expiration. You can even use NET ACCOUNTS to force a
synchronisation of accounts, with the command

net accounts /sync 

Run this command from a Primary 
Domain Controller (PDC) to synchronise 
all the Backup Domain Controllers 
(BDCs) with the PDC. If you run it from 
a BDC, you synchronise only that one 
server with the PDC. 


Server Configuration 
and Control 

You can display and configure the settings for a service with the NET
CONFIG command, and start, pause, and stop a service with the NET
START, NET PAUSE, and NET STOP commands followed by the service name.
You can configure the server service and the workstation service with
the NET CONFIG SERVER or NET CONFIG WORKSTATION command. You can stop
services such as SQL Server (which runs as a service) by adding the
name of the service to the appropriate NET command:

net stop MSSQLServer

And of course, you can do the same to any NT service, including the
browser, the server service, and the net logon service.

Batch Files 

Because you run all these commands from the command prompt, you can
combine them into batch files. You can run the batch file
interactively or at a scheduled time using NT’s built-in AT command.
(For more information on using the AT command to schedule jobs, see
Windows NT Help or type

at /?

at the command prompt for a list of parameters.)

I showed you some examples for adding users and groups to a domain.
Other possible uses include stopping services at night or before
scheduled maintenance operations, such as backups or disk
defragmenting. Once the scheduled operation is complete, you can
restart the services.

A Quick Help Message Lookup 

Suppose users call you and say that they just ran into an operating
system error, and they have the error number but not much more
information. If they are running NT, you can quickly get a short
explanation of the error. Type

net helpmsg <message#>

For example, NET HELPMSG 2182 will tell you that you are trying to
start a service that is already running. OK, so this command doesn’t
produce a comprehensive message database, but it’s available on the
system if you need it.

Synchronise Your Clocks 

Systems administrators often use the NET TIME command to synchronise
the time on servers, and sometimes on client workstations, around the
network. Keeping the time synchronised is important for applications
such as Systems Management Server (SMS) and for tasks such as
scheduled backups of user files.

You can include the NET TIME command in a user’s login script, to make
sure that the user’s computer is always synchronised with the server.
The syntax is

net time \\server_name /set /y

to synchronise the clock of the local computer with that of the server
you specify. And yes, it works even across time zones.

Back to Basics 

You can do so much with NET commands. Try them out on your network,
and see how you can use them to automate and simplify tasks. In these
days of browser interfaces and wizards, people forget plain old
command line utilities and batch files. They typify an older
generation of software: programs that did only one thing but did it
well and did it fast. Command line utilities have a place, even in a
modern operating system.
Q: Many of the recent security holes found in Windows NT have to do
with TCP/IP ports. What are these ports?

A: Port numbers fall into three ranges: Well-Known Ports, Registered
Ports, and Dynamic and/or Private Ports. Well-Known Ports are those
from 0 through 1023, Registered Ports are those from 1024 through
49151, and Dynamic and/or Private Ports are those from 49152 through
65535. Let me focus on the Well-Known Ports because NT is most
susceptible to attacks using these ports.

The Internet Assigned Numbers 
Authority (IANA) assigns Well-Known 
Ports. On most systems, only system 
or root processes or programs that 
privileged users execute can access these 
ports. 

TCP uses ports to name the ends of logical connections for long-term
conversations. A service contact port lets you provide services to
unknown callers, and the server process uses this port as its contact
port. The service contact port is sometimes called the Well-Known
port.

The assigned ports use a small portion 
of the possible port numbers. For many 
years, the assigned ports ranged from 0 
to 255. Recently, the number of assigned 
ports that IANA oversees has expanded 
and now ranges from 0 to 1023. Table 1 
lists some of these ports and describes 
their purpose. For a complete list of ports, 
go to http://www.isi.edu/div7/iana/. 


Q: Can you explain the term Network Basic Input/Output System
(NetBIOS) and how Microsoft uses it?

■ Screen 1: Configuring the buffers the redirector reserves for
network performance

A: First, everything I’m about to say regarding NetBIOS will change
when Microsoft releases Windows NT 5.0, because you will no longer
have to run NetBIOS over TCP/IP. In NT 3.5x and 4.0, NetBIOS is a
requirement that defines a software interface and a naming convention,
not a protocol.

In 1985, IBM introduced NetBEUI to provide a protocol for programs
designed around the NetBIOS interface. Unfortunately, NetBEUI is a
small protocol without a networking layer and therefore is not a
routable protocol. In fact, NetBEUI is more a peer-to-peer protocol
(Windows 95) than a client/server protocol. In contrast, running
NetBIOS over TCP/IP (NetBT) provides the NetBIOS programming interface
over the TCP/IP protocol. This configuration extends NetBIOS
client/server programs to large LANs and WANs with true routing
capabilities. Figure 1 shows how you can use NetBIOS with TCP/IP to
create NetBT.

The NT Workstation, Server, Browser, Messenger and Net Logon services
are all direct NetBT clients that use the transport driver interface
(TDI) to communicate with NetBT. NT also includes a NetBIOS emulator
that takes standard NetBIOS requests from NetBIOS programs and
translates them to equivalent TDI primitives.

NetBIOS Names 

All NetBIOS names must be unique and 16 characters in length. NetBIOS
names identify available resources that NT registers dynamically when
computers and services start or users log on. NT uses a NetBIOS Name
Query to locate a resource by resolving the NetBIOS name to an IP
address. Microsoft networking components, such as NT’s Workstation and
Server services, let the user or administrator specify the first 15
characters of a NetBIOS name but reserve the 16th character to
identify a resource type. (You can increase the length of a
single-element NetBIOS name by appending a NetBIOS Scope to the
NetBIOS name; e.g., bobspace.bobsplace.com.) You can append a NetBIOS
Scope from the Network applet in Control Panel (open the applet, click
the Protocols tab, select the TCP/IP protocol, click Properties, and
select the WINS Address tab). As a general rule, I don’t recommend
appending NetBIOS scopes because trusts can be broken, pass-through
authentication can fail, and network setup can become very complex.

■ Figure 1: NetBIOS Combined with TCP/IP (NetBIOS over TCP/IP)

NetBIOS Name Registration 
and Resolution 

To locate NetBIOS resources, NT 3.5x and 4.0 computers use several
methods such as the NetBIOS name cache, NetBIOS name server, IP subnet
broadcasts, static LMHOSTS files, static HOSTS files, and Domain Name
System (DNS) servers. NT 3.1 used LMHOSTS files and standard
broadcasts. NT 3.5x and 4.0 implement Windows Internet Name Service
(WINS) to let NetBIOS programs query the DNS namespace by appending
configurable domain suffixes to a NetBIOS name. This NetBIOS name
resolution depends on node type and computer configuration.

NT supports the following node types: 

1. B-node (broadcast node) - Client uses standard broadcasts for name
registration and resolution.

2. P-node (point-to-point node) - Client does not use broadcasts but
instead uses only point-to-point name queries to a NetBIOS name server
(in this case, a WINS server) for name registration and resolution.

3. M-node (mixed node) - Client uses broadcasts for name registration.
For name resolution, the client tries broadcasts first. If the client
does not receive an answer, it switches to p-node.

4. H-node (host node) - Client uses a NetBIOS name server (host) for
both name registration and resolution. If the client cannot locate a
name server, it switches to b-node. The client continues to poll for a
name server and switches back to p-node when one becomes available.

5. Microsoft-enhanced - Client uses local LMHOSTS files or WINS
proxies plus Windows Sockets gethostbyname() calls (using standard DNS
and local HOSTS files) in addition to standard node types.

By default, most WINS clients are h-nodes. They attempt to use a WINS
server to register and resolve names. If that attempt fails, they try
local subnet broadcasts. A name server is preferable to broadcasts
because broadcasts aren’t usually routable and broadcasts add to the
network noise because all computers on a subnet receive the
broadcasts.

NetBT and DNS 

For computers to talk to other computers using NetBT, you need a way
to resolve a NetBIOS name into an IP address. Although Windows-based
networks use NetBT for name resolution over TCP/IP, DNS is widely used
to resolve names over TCP/IP networks on the Internet. NT Server 4.0
provides expanded support for DNS by implementing a DNS server.

A DNS name is similar to a NetBIOS name because it provides a
user-friendly identifier for a computer or other network device. DNS
computer names consist of two parts: a host name and a domain name.
When combined, they form

■ TABLE 1: Commonly Used Ports

Name        Port No.  Description
Qotd        17        Quote of the Day
ftp-data    20        File Transfer [Default Data]
ftp         21        File Transfer [Control]
ssh         22        SSH Remote Login Protocol
telnet      23        Telnet
smtp        25        Simple Mail Transfer
time        37        Time
name        42        Host Name Server
nameserver  42        Host Name Server
nicname     43        Who Is
domain      53        Domain Name Server
bootps      67        Bootstrap Protocol Server
tftp        69        Trivial File Transfer
gopher      70        Gopher
finger      79        Finger
http        80        World Wide Web HTTP
www         80        World Wide Web HTTP
kerberos    88        Kerberos
pop3        110       Post Office Protocol - Version 3
sqlserv     118       SQL Services
nntp        119       Network News Transfer Protocol
ntp         123       Network Time Protocol
snmp        161       SNMP
snmptrap    162       SNMPTRAP
exec        512       Remote Process Execution; authentication performed
                      using passwords
login       513       Remote Login via Telnet; automatic authentication
                      performed based on privileged port numbers and
                      distributed databases that identify
                      “authentication domains”
shell       514       CMD
printer     515       Spooler
whoami      565       Who Am I
■ TABLE 2: NetBT Registry Settings

BcastNameQueryCount
  Type: REG_DWORD
  Range: 1 to 0xFFFF
  Default: 3
  Description: This parameter determines the number of times NetBT
  broadcasts a query for a given name without receiving a response.

BcastQueryTimeout
  Type: REG_DWORD
  Range: 100 to 0xFFFFFFFF milliseconds
  Default: 750 msec
  Description: This parameter determines the time interval between
  successive broadcast name queries for the same name.

BroadcastAddress
  Type: REG_DWORD
  Range: 0 to 0xFFFFFFFF
  Default: The ones-flavoured subnet broadcast address for each network
  Description: This parameter forces NetBT to use a specific address
  for all broadcast name-related packets. By default, NetBT uses the
  ones-flavour subnet broadcast address appropriate for each net (i.e.,
  for a net of 11.101.0.0 with a mask of 255.255.0.0, the subnet
  broadcast address is 11.101.255.255). You set this parameter (using
  the UseZeroBroadcast TCP/IP parameter), for example, if the network
  uses the zeros-flavour broadcast address. The appropriate subnet
  broadcast address is then 11.101.0.0 in the example above. This
  parameter would then be set to 0x0b650000. Note that this parameter
  is global and will be used on all subnets to which NetBT is bound.

CacheTimeout
  Type: REG_DWORD
  Range: 60000 to 0xFFFFFFFF milliseconds
  Default: 0x927C0 (10 minutes)
  Description: This parameter determines how long names are cached in
  the remote name table.

EnableProxyCheck
  Type: REG_DWORD
  Range: 0 or 1
  Default: 0 (disabled)
  Description: This parameter causes the proxy to check name
  registrations from b-nodes against the WINS database by doing a name
  query to WINS. If the check finds the name in WINS with a different
  IP address, the proxy will send a name registration failure message
  to the b-node. Set this value to 1 to verify that b-nodes do not
  claim names that p-nodes have.

EnableProxyRegCheck
  Type: REG_DWORD
  Range: 0 or 1
  Default: 0 (false)
  Description: If this parameter is set to 1 (true), the proxy name
  server will send a negative response to a broadcast name registration
  if the name is already registered with WINS or is in the proxy's
  local name cache with a different IP address. The hazard of enabling
  this feature is that it prevents a system from changing its IP
  address as long as WINS has a mapping for the name. For this reason,
  this parameter is disabled by default.

InitialRefreshTimeout
  Type: REG_DWORD
  Range: 960,000 to 0xFFFFFFF milliseconds
  Default: 960,000 (16 minutes)
  Description: This parameter specifies the initial refresh timeout
  that NetBT uses during name registration. NetBT tries to contact the
  WINS servers at 1/8th of this time interval when it first registers
  names. When it receives a successful registration response, that
  response will contain the new refresh interval to use.

LmhostsTimeout
  Type: REG_DWORD
  Range: 1000 to 0xFFFFFFFF milliseconds
  Default: 6000 (6 seconds)
  Description: This parameter specifies the timeout value for LMHOSTS
  and DNS name queries. The timer has a granularity of the timeout
  value, so the timeout could be as long as twice the value.

MaxDgramBuffering
  Type: REG_DWORD
  Range: 0 to 0xFFFFFFFF bytes
  Default: 0x20000 (128KB)
  Description: This parameter specifies the maximum amount of memory
  that NetBT will dynamically allocate for all outstanding datagram
  sends. Once this limit is reached, further sends will fail because of
  insufficient resources.

MaxPreload
  Type: REG_DWORD
  Range: Number
  Default: 100
  Description: This parameter specifies the maximum NetBT number of
  entries for LMHOSTS that are preloaded into the NetBT NetBIOS name
  cache. LMHOSTS is a file in the directory specified by DatabasePath.

NameServerPort
  Type: REG_DWORD
  Range: 0 to 0xFFFF (UDP port number)
  Default: 0x89
  Description: This parameter determines the destination port number to
  which NetBT will send name service-related packets such as name
  queries and name registrations to WINS. The Microsoft WINS listens on
  port 0x89. NetBIOS name servers from other vendors may listen on
  different ports.

NameSrvQueryCount
  Type: REG_DWORD
  Range: 0 to 0xFFFF
  Default: 3
  Description: This parameter determines how many times NetBT sends a
  query to a WINS server for a given name without receiving a response.


the fully qualified domain name (FQDN).

NetBIOS computer names are analogous to DNS host names. However, a DNS
name can be as long as 255 characters, but the NetBIOS name is limited
to 15 user-definable characters. (In NT, the default node is the
NetBIOS name. However, you can form an FQDN by removing the 16th
character in the NetBIOS name and replacing it with a period and the
DNS domain name. NT 4.0 accepts an IP address, an FQDN, or a NetBIOS
name.)


How Does It Work? 

NetBT Sessions 

NetBT sessions consist of an established connection between two names.
For example, when an NT workstation makes a connection to an NT
server, a sequence of events takes place. First, NT resolves the
NetBIOS server name to an IP address. Then, the network services
establish a TCP/IP connection from the workstation to the server,
using port 139. Finally, the workstation sends a NetBIOS session
request to the server name over the TCP/IP connection. Assuming the
server is listening on that name, it will respond affirmatively to
establish the session.

After the computers establish the initial NetBIOS connection, the
workstation and server negotiate a higher level network protocol for
further use. Microsoft networking uses only one NetBT session between
two names at any time. NT multiplexes any additional file or print
sharing connections made after the initial connection over that same
NetBT session. NetBIOS keepalives (network traffic that keeps the
NetBT connection signal alive) are constantly maintaining these
sessions.

For example, if a user shuts down a workstation abruptly, the server
will eventually clean up the connection to that workstation and
associated resources. The SessionKeepAlive Registry parameter, as you
see in Table 2, controls the NetBIOS keepalives. The default setting
for this Registry parameter is once per hour.

■ TABLE 2: NetBT Registry Settings (continued)

NameSrvQueryTimeout
  Type: REG_DWORD
  Range: 100 to 0xFFFFFFFF milliseconds
  Default: 750 msec
  Description: This parameter determines the time interval between
  successive name queries to WINS for a given name.

NbtKeepAlive
  Type: REG_DWORD
  Range: Number in seconds
  Default: 1 (Generate NetBT keep-alive traffic)
  Description: This parameter specifies how often NetBT will generate
  keep-alive traffic. When NetBT determines that no activity has
  occurred on a connection for the specified time interval it generates
  keep-alive traffic to probe the connection. If TCP/IP cannot deliver
  this traffic, it marks the connection as down and notifies NetBT.

NodeType
  Type: REG_DWORD
  Range: 1, 2, 4, or 8
  Default: 1 or 8 based on the WINS server configuration
  Description: This parameter specifies the node type, where
  1 = b-node, 2 = p-node, 4 = m-node, 8 = h-node. A b-node system uses
  broadcasts. A p-node system uses only point-to-point name queries to
  a name server (WINS). An m-node system broadcasts first, then queries
  the name server. An h-node system queries the name server first, then
  broadcasts. Resolution via LMHOSTS and DNS, if enabled, will follow
  these methods. If this key is present, it will override the
  DhcpNodeType key. If neither key is present, the system defaults to
  b-node if no WINS servers are configured for the network. The system
  defaults to h-node if at least one WINS server is configured.

PermanentName
  Type: REG_SZ
  Range: Unique name
  Default: The value of IPAddress in dotted decimal
  Description: This parameter specifies the permanent name of the
  NetBIOS node for NetBT. In many NetBIOS implementations, this is the
  MAC address. This name must be unique.

RandomAdapter
  Type: REG_DWORD
  Range: 0 or 1
  Default: 0 (false)
  Description: This parameter applies to a multi-homed machine only. If
  you set the value to 1 (true), NetBT will randomly choose the IP
  address to put in a name query response from all its bound
  interfaces. Normally, the response contains the address of the
  interface on which the query arrived. You use this feature on a
  server with two interfaces on the same network for load balancing.
  You must set the SingleResponse parameter to a value of 1 (true) for
  this parameter to take effect.

RefreshOpCode
  Type: REG_DWORD
  Range: 8 or 9
  Default: 8
  Description: This parameter forces NetBT to use a specific opcode in
  name refresh packets. The specification for the NetBT protocol is
  somewhat ambiguous in this area. Although the

  some other implementations, such as those by Ungermann-Bass, use the
  value 9. Two implementations must use the same opcode to
  interoperate.

SessionKeepAlive
  Type: REG_DWORD
  Range: 60,000 to 0xFFFFFFFF milliseconds
  Default: 60,000 (1 hour)
  Description: This parameter determines the time interval between
  keep-alive transmissions on a session. Setting the value to
  0xFFFFFFFF disables keepalives.

SingleResponse
  Type: REG_DWORD
  Range: 0 or 1
  Default: 0 (false)
  Description: This parameter applies to a multi-homed machine only. If
  this parameter is set to 1 (true), NetBT will supply an IP address
  from only one of its bound interfaces in name query responses. By
  default the addresses of all bound interfaces are included. This
  parameter must be set to 1 (true) to enable the RandomAdapter
  feature.

Size/Small/Medium/Large
  Type: REG_DWORD
  Range: 1, 2, or 3
  Default: 1 (small)
  Description: This parameter determines the size of the name tables
  used to store local and remote names. In general, 1 (small) is
  adequate. If the system is a proxy name server, the value is
  automatically set to 3 (large) to increase the size of the name cache
  hash table. Large (3) sets the number of hash buckets to 256, medium
  (2) to 128, small to 16.

WinsDownTimeout
  Type: REG_DWORD
  Range: 1000 to 0xFFFFFFFF msec
  Default: 15,000 (15 seconds)
  Description: This parameter determines how long NetBT will wait
  before again trying to use WINS after it fails to contact any WINS
  server. This feature primarily lets machines that are temporarily
  disconnected from the network, such as laptops, proceed through the
  boot processing without waiting to time out each WINS name
  registration or query individually.

Subtle mistakes can cause serious and confusing NetBIOS errors. For
example, did you ever wonder what Error 51 “remote computer not
listening” means? If you use LMHOSTS files and misspell an entry, you
can attempt to use the correct IP address but an incorrect name to
connect to a server. In this case, NT will still establish a TCP/IP
connection to the server. However, the server will reject the NetBIOS
session request because the session request is using the wrong name
and no IP address is connected with that name.
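
The session setup and the misspelled-LMHOSTS failure described above, as an added Python example that is not from the original column: it builds the NetBIOS session request a workstation sends over the port 139 connection and shows a server-side check accepting the right name and rejecting the wrong one. The packet layout and error code follow RFC 1001/1002, which the column does not quote; the computer names and function names are constructed for this example.

```python
import struct

# Session service packet types and one negative-response code (RFC 1002).
SESSION_REQUEST, POSITIVE_RESPONSE, NEGATIVE_RESPONSE = 0x81, 0x82, 0x83
NOT_LISTENING_ON_CALLED_NAME = 0x80
# 16th-character resource types used by the Server and Workstation services.
SERVER_SERVICE, WORKSTATION_SERVICE = 0x20, 0x00


def netbios_name(name, suffix):
    """15 user-definable characters, space padded, plus the 16th type byte."""
    if not 1 <= len(name) <= 15:
        raise ValueError("NetBIOS names have 1 to 15 user-definable characters")
    return name.upper().ljust(15).encode("ascii") + bytes([suffix])


def encode_name(raw16):
    """First-level encoding: every nibble becomes one letter 'A'..'P'."""
    if len(raw16) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    half = bytes(0x41 + n for b in raw16 for n in (b >> 4, b & 0x0F))
    return bytes([len(half)]) + half + b"\x00"   # length 32, then empty scope


def decode_name(buf, offset):
    """Inverse of encode_name; returns (raw 16-byte name, next offset)."""
    if len(buf) < offset + 34 or buf[offset] != 32 or buf[offset + 33] != 0:
        raise ValueError("malformed encoded name")
    enc = buf[offset + 1:offset + 33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("invalid character in encoded name")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw, offset + 34


def session_request(called, calling):
    """Packet the workstation sends once the TCP connection is up."""
    body = encode_name(called) + encode_name(calling)
    return struct.pack(">BBH", SESSION_REQUEST, 0, len(body)) + body


def server_reply(packet, listening):
    """Answer a session request given the set of names the server registered."""
    if len(packet) < 4:
        raise ValueError("short packet")
    ptype, _flags, length = struct.unpack(">BBH", packet[:4])
    if ptype != SESSION_REQUEST or length != len(packet) - 4:
        raise ValueError("not a well-formed session request")
    called, offset = decode_name(packet, 4)
    decode_name(packet, offset)                  # calling name must parse too
    if called in listening:
        return struct.pack(">BBH", POSITIVE_RESPONSE, 0, 0)
    return struct.pack(">BBHB", NEGATIVE_RESPONSE, 0, 1,
                       NOT_LISTENING_ON_CALLED_NAME)


def demo():
    """Right IP address both times; only the name taken from LMHOSTS differs."""
    server_names = {netbios_name("NTSERVER1", SERVER_SERVICE)}
    me = netbios_name("WKSTA7", WORKSTATION_SERVICE)
    good = session_request(netbios_name("NTSERVER1", SERVER_SERVICE), me)
    typo = session_request(netbios_name("NTSERVR1", SERVER_SERVICE), me)
    return server_reply(good, server_names), server_reply(typo, server_names)


if __name__ == "__main__":
    ok, rejected = demo()
    print(ok.hex(), rejected.hex())
```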


How Does It Work? 

NetBT Datagram Services 

NT sends NetBT datagrams from one Net¬ 
BIOS name to another over User 
Datagram Protocol (UDP) port 138. The 
datagram service lets you send a message to 
a unique name or to a group name. Group 
names can resolve to a list of IP addresses or 
to a broadcast. 

For example, the command net send 
/d.BOBSPLACE hello sends a datagram 
containing the text hello to the group name 





:BOBSPLACE>. The <BOBS 
’LACE> group name resolves to an IP 
ubnet broadcast. When you use this com- 
nand, NT sends the datagram with the fol- 
awing characteristics: 

Destination MAC address: broadcast 
255.255.255.255) 

Source MAC address: The NIC address 
if the local computer 

Destination IP address: The local subnet 
roadcast address 

Source IP address: The IP address of the 
3cal computer 

Destination name: <BOBSPLACE> 


(the messenger service on the remote 
computers) 

Source name: <localcomputername> 
(the messenger service on the local com¬ 
puter) 

All hosts on the subnet pick up the datagram and process it at least to the UDP protocol. On hosts running a NetBIOS datagram service, UDP hands the datagram to NetBT on port 138. NetBT checks the destination name to see whether any program has posted a datagram receive on it. If so, NetBT passes the datagram on. If no receive is posted, NetBT discards the datagram.
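To see the source and destination names that NetBT compares against posted receives, the following added example (not code from the article) parses the UDP payload of a port 138 datagram using the RFC 1002 header layout and RFC 1001 first-level name encoding. The sample packet is constructed: the workstation name WKSTN01, the address 192.0.2.10, the 0x03 suffix on both names and the bare "hello" payload are assumptions for illustration.

```python
import socket
import struct

MSG_TYPES = {0x10: "DIRECT_UNIQUE", 0x11: "DIRECT_GROUP", 0x12: "BROADCAST"}

def encode_name(name, suffix):
    """First-level encoding: 15 padded chars + suffix byte, one letter per nibble."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    body = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + body + b"\x00"  # length byte 32, then empty scope

def decode_name(buf, off):
    """Return ((name, suffix), next_offset) for the encoded name at buf[off]."""
    if off + 34 > len(buf) or buf[off] != 0x20 or buf[off + 33] != 0x00:
        raise ValueError("expected a 32-byte encoded name with empty scope")
    enc = buf[off + 1:off + 33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("encoded name byte outside 'A'..'P'")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return (raw[:15].decode("ascii", "replace").rstrip(), raw[15]), off + 34

def parse_datagram(pkt):
    """Parse the UDP payload of a datagram received on port 138."""
    if len(pkt) < 14:
        raise ValueError("truncated datagram header")
    mtype, flags, dgm_id, ip, port, dgm_len, pkt_off = struct.unpack("!BBH4sHHH", pkt[:14])
    if mtype not in MSG_TYPES:
        raise ValueError("not a data-carrying datagram type")
    if dgm_len != len(pkt) - 14:  # DGM_LENGTH counts everything after the header
        raise ValueError("DGM_LENGTH does not match the payload size")
    source, off = decode_name(pkt, 14)
    destination, off = decode_name(pkt, off)
    return {"type": MSG_TYPES[mtype], "source_ip": socket.inet_ntoa(ip), "source_port": port,
            "source": source, "destination": destination, "data": pkt[off:]}

def build_sample():
    """Constructed datagram: WKSTN01 and 192.0.2.10 are made-up sample values."""
    names = encode_name("WKSTN01", 0x03) + encode_name("BOBSPLACE", 0x03)
    data = b"hello"  # constructed stand-in for the message payload
    header = struct.pack("!BBH4sHHH", 0x11, 0x02, 0x1234,
                         socket.inet_aton("192.0.2.10"), 138, len(names) + len(data), 0)
    return header + names + data

if __name__ == "__main__":
    print(parse_datagram(build_sample()))
```

The parser rejects truncated packets, names that are not 32 encoded bytes, and a DGM_LENGTH that disagrees with the actual payload, which are the malformed cases worth flagging when inspecting port 138 traffic.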


Registry Entries 

NT stores several entries for NetBT in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBt\Parameters key of the NT Registry. I’ve included several of these parameters, their settings, and a description of each in Table 2.

Send us your tips and questions. You can also visit Bob Chronister's online Tricks & Traps at http://www.winntmag.com/forums/index.html.
Seagate aims for the stars

In one of the more interesting (though some may say lame) marketing exercises ever attempted by an IT company, Seagate is promoting its Seagate Crystal Info 6 package (formerly codenamed Black Widow) with a comic book mutilation of Star Trek. Called Info Trek, it has the valiant Captain Curt, Spotty and Schlock fighting an unknown enemy using - you've guessed it - a Seagate business intelligence tool. If you want to help campaign against this form of incredibly bad humour, call Seagate to complain.


Security Alert

A reader recently told me that a consulting firm installing more than 50,000 NT workstations ran into a little problem. If you enable Auditing of Failed Logons on Windows NT Server 3.51 or 4.0 and then have a failed logon from an NT 3.51 or 4.0 workstation, the failure doesn't appear in the security log file!

Will Neural Directory Services save Novell

At an informal Novell press function it was revealed by a rather odd looking member of its R+D staff that, ten years down the track, NDS will stand for Neural Directory Services, rather than Novell Directory Services. "It'll use female intuition," he proclaimed, whilst performing a magic card trick. According to the self-proclaimed doctor, NDS will automatically know what you're looking for in your system. However, unfortunately for Novell the doctor ended up being merely a clown and not a lovable scientist at all - a pity, because maybe a neural directory service would give Novell more of competitive

A truthful slip up?

If you've ever had to wrestle with Dynamic Host Configuration Protocol (DHCP), you might find this tidbit both amusing and truthful. In Windows NT Server 4.0, look under the Services tab of Network properties and highlight the DHCP service. The help text informs you that DHCP stands for Dynamic Hose Configuration Protocol. Coincidence? You be the judge.

Some Old Business:


I need to take care of some old business. In the December/January 
1997/1998 issue, I incorrectly reported that a Lexmark 1030 printer fried the 
motherboard of several systems. Lexmark doesn't manufacture a Lexmark 
1030 printer. Sorry for any inconvenience this error might have caused. 
THE NEXT.


SyncMaster 

Total Performance Monitors 

A new generation of multimedia monitors. 

The world’s most awarded range of monitors now introduces the next generation: 

SyncMaster Total Performance Monitors. 

All fourteen models have multimedia capability, combining high resolution images with 
high quality sound. All backed by Samsung’s three year warranty. 

Before you buy your next monitor, look and listen to the future now. Call 1800 800 574. 

DEVELOPING THE WORLD’S LEADING I.T.PRODUCTS • COMPUTERS • MONITORS • PRINTERS • HDD • DVD-ROM • FAX • PHONES • ATM 
• CDMA NETWORK • TFT-LCD • SEMICONDUCTOR http://www.samsungelectronics.com 
“who turned the lights out?”

When your system goes down there's only one thing you want more than anything else. The information you can't have.

Relax. With Seagate Backup Exec your information is safe and sound.

Seagate Backup Exec is the world's leading NT backup solution. And now, with the Intelligent Disaster Recovery option, it's even more dependable.

Because Seagate Backup Exec is scalable from desktop to enterprise, even if you manage the very largest mixed Netware, NT and Unix networks you can be sure your company's most valuable asset is protected. So when the inevitable does happen, you can relax.


For information on a wide range of multi-award winning desktop, network and storage management solutions for your LAN or enterprise, call:

Seagate Software on 1800 671 796.
For information the way you want it, when you want it.